Cognixia Podcast

What are Granular Access Tokens and why is everybody talking about them?



Microsoft is introducing granular personal access tokens for its Azure DevOps REST APIs to limit the risk and damage when access credentials are leaked or stolen. Now, some weeks back, the renowned cybersecurity firm Praetorian published details on how its researchers gained access to the internal corporate networks of companies that use GitHub, a Microsoft-owned platform, for their CI/CD tooling. The researchers were able to compromise GitHub access using an accidentally leaked PAT.

According to Praetorian's report, there are multiple ways in which a developer's personal access token could be compromised: they could fall victim to a phishing scam, their device could be compromised, or they might mistakenly include the PAT in command-line logs.

Personal Access Tokens, or PATs, are an alternative to passwords and are used to authenticate the identity of someone accessing a system or website. They are also used to authenticate developers who call the various APIs and scripts on a platform. In this particular case, personal access tokens are used to authenticate users and developers to Azure DevOps. A personal access token has a lot of information embedded in it.

In Azure DevOps, a personal access token contains information about an individual's security credentials, which helps the system identify the individual, as well as other information such as the organizations they have access to and the scope of each access. But as systems and safeguards evolve, cybercriminals switch tactics too, focusing increasingly on stealing access credentials to corporate networks rather than just compromising systems.

Personal access tokens have evolved too. Earlier, PATs were relatively coarse-grained, giving access to every repository and organization the token's user could reach, without any associated control over, or visibility into, what was happening in the user's organizations. Over time, the need to change this became clear, and personal access tokens have now become significantly finer-grained.

To earn this Microsoft certification, you need to clear the official Microsoft certification exam – AZ-400: Designing and Implementing Microsoft DevOps Solutions. This Microsoft certification is ideal for developers and infrastructure administrators who also have subject matter expertise in working with people, processes, and products to enable the continuous delivery of value in their organizations. If this is a path you would like to embark on or you would like to know more about this or any of our other live online instructor-led training and certification courses, talk to us today!

Cognixia Podcast, by Cognixia