OWASP AppSec DC 2012/Friends dont let friends store passwords in source code

Revision as of 01:00, 12 March 2012 by Mark.bristow (talk | contribs)


The Presentation

Passw3rd is an encryption library intended to encrypt and store passwords outside of source code. This is a problem that has been solved in hundreds of half-baked ways, or is simply overlooked.
Some advantages of keeping credentials out of source code are:
- Credentials are not passed around when source code is shared.
- Unintentional exposure of source code does not reveal credentials.
- Read-access to source code can be much more permissive.
- Source code can be checked into version control systems without concern for exposure of credentials.
- It is easier to change credentials without having to worry about changing all instances.
- Leaving credentials in source code leads to poor password management in general. If changing a credential requires you to change code, you are less likely to want to do it.
https://github.com/oreoshake/passw3rd
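
The pattern the abstract describes, sketched as an added example (not code from passw3rd or from the talk): a random key and the AES-256-GCM-encrypted credentials live in a directory outside the source tree, and the application reads them at run time. The class name CredentialStore, its methods, the file layout and the sample values are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'fileutils'

# Hypothetical helper (not the passw3rd API): keeps an AES-256-GCM key and the
# encrypted credentials in a directory that is not part of the source tree.
class CredentialStore
  SAFE_NAME = /\A\w[\w.-]*\z/ # no path separators, no leading dot

  def initialize(dir)
    @dir = dir
    FileUtils.mkdir_p(@dir, mode: 0o700)
    @key_path = File.join(@dir, '.store.key')
  end

  def write(name, secret)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key
    iv = cipher.random_iv              # fresh 12-byte nonce per write
    cipher.auth_data = name            # bind the ciphertext to its credential name
    ct = cipher.update(secret) + cipher.final
    blob = Base64.strict_encode64(iv + cipher.auth_tag + ct)
    File.write(path_for(name), blob, perm: 0o600)
  end

  def read(name)
    raw = Base64.strict_decode64(File.read(path_for(name)))
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    cipher.auth_data = name
    # Raises OpenSSL::Cipher::CipherError if the file was altered or renamed.
    cipher.update(raw[28..]) + cipher.final
  end

  private

  def path_for(name)
    raise ArgumentError, "bad credential name: #{name.inspect}" unless name.match?(SAFE_NAME)
    File.join(@dir, name)
  end

  # Created once with O_EXCL and mode 0600 so only the owning account reads it.
  def key
    unless File.exist?(@key_path)
      File.open(@key_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
        f.write(OpenSSL::Random.random_bytes(32))
      end
    end
    File.binread(@key_path)
  end
end
```

An application would call something like `CredentialStore.new('/etc/myapp/creds').read('db_prod')` (a constructed path and name) instead of embedding the password; rotating the credential then means rewriting one file, not changing code.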

The Speakers

Neil Matatall

Neil Matatall is an information security engineer at Twitter who focuses on tools that help developers code more securely. In recent years, his focus has been on Ruby and the Ruby on Rails framework with a passion for open source communities and technologies. Recent work includes static analysis with an emphasis on making the tools useful for developers. Neil is currently the organizer for OCRails, a local Ruby on Rails meetup group and was formerly an OWASP chapter leader and committee member.
