Total Tests:

Scotiabank source code, credentials found open on GitHub: news report

By Howard Solomon for IT World Canada
Thursday, September 19, 2019

Scotiabank is not only a user of GitHub, it’s also a contributor to the ecosystem. Last year the bank announced its first open source contribution to the GitHub community so developers can use it for their applications.

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, noted that public code repositories, various code and data sharing projects can greatly facilitate DevSecOps and accelerate agile software development. However, he added, they likewise bring a wide spectrum of critical business risks of inadvertent or careless data leaks exacerbated by third-party developers with insufficient security training.

“Some developers recklessly share passwords from production systems on Pastebin thereby opening doors to their digital realms without thinking about the consequences. Cybercriminals are well aware of the situation and are continuously crawling publicly accessible data sources to get sensitive source code, hard-coded credentials and API keys. Worst, they often succeed and their intrusions frequently remain undetected as virtually no abnormal activities happens.

“Large companies need to thoughtfully design a secure software development policy, and properly enforce and monitor it. Regular security training for developers should be an essential part of the policy. Special attention must be given when developers are outsourced to third-parties unfamiliar with security procedures and best practices.” Read Full Article

Book a Call Ask a Question
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential