Want to create an interactive transcript for this episode?
Podcast: The Security Repo
Episode: Secrets inside packages, scanning Python PyPi for credentials with Tom Forbes
Description: In this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPi.
Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPi packages. In this episode, Dwayne and Mackenzie dive into Toms's research to discover how the project started...