Hardly Strictly Security

Going beyond compliance with cybersecurity experts and open-source professionals.

33 min

(The) Postman carries a lot of secrets

We're open sourcing a new tool that identifies secrets in Postman. This talk digs into research showing how Postman became one of the largest public sources of leaked secrets, walks through the unique challenges of identifying secrets in Postman workspaces, and provides suggestions on how to secure your developer's usage of Postman, using open source tools like TruffleHog.

Dylan Ayrey

Dylan Ayrey

Co-founder & CEO at Truffle Security

Joseph Leon

Joseph Leon

Security Research Evangelist at Truffle Security

Thumbnail for Welcome Keynote - Democratizing the language of cybersecurityThumbnail for Essential Open Source Learnings for Security SuccessThumbnail for ZAP Authentication: What, why and how?Thumbnail for TrashPanda - Using Nuclei to rummage through your cloudsThumbnail for Cloud resource management in the playgroundThumbnail for Navigating our future battlefield: Exploring the intersection of cybersecurity and AIThumbnail for Growing VC interest in open source security companiesThumbnail for Betting on the right horse, when the odds on open source are in your favorThumbnail for Hardening your perimeter with open source toolingThumbnail for Journey into ethical hackingThumbnail for Zero to 1: Getting started with cybersecurityThumbnail for Sliver: An open source red team frameworkThumbnail for The software sausage is past its expiration date: Current state of software supply chain securityThumbnail for (The) Postman carries a lot of secretsThumbnail for Safeguarding digital frontiers: Exploring AI's role in open source securityThumbnail for Beyond Code: Leveraging open source strategies for red teamingThumbnail for How secure is your open source project? A story about open source software supply chains
(The) Postman carries a lot of secrets | Hardly Strictly Security