Cloud-based Code-Sharing Platform
A Cloud-based Code-Sharing Platform is a web-based service that allows developers to store, share, and collaborate on code. These platforms typically offer features like version control, access control, and collaboration tools, and they host the code and related data on their servers. Popular examples include GitHub, GitLab, and Bitbucket.
From an external attack surface management (EASM) and digital risk perspective, it is essential to track the presence of an organization and its third parties on these platforms, for the following reasons:
Exposure of Sensitive Data: Code repositories can contain sensitive information like API keys, database credentials, and internal system configurations. Publicly accessible or improperly secured repositories can lead to data breaches and unauthorized access.
Vulnerability Identification: The code hosted on these platforms might contain vulnerabilities attackers can identify and exploit. This can compromise the organization's applications and systems.
Intellectual Property Theft: Proprietary code, algorithms, and business logic stored on these platforms can be stolen by competitors, leading to a loss of competitive advantage.
Reputational Damage: Leaked code, security vulnerabilities, or adverse comments within code repositories can damage an organization's reputation.
Third-Party Risk: Partners or contractors might inadvertently expose sensitive data related to the organization while using these platforms.
By actively monitoring cloud-based code-sharing platforms, organizations can:
Identify and mitigate data leaks: Regularly scan repositories for sensitive information.
Detect and address vulnerabilities: Analyze code for potential security flaws.
Protect intellectual property: Implement access controls and security measures to safeguard proprietary code.
Manage third-party risk: Extend monitoring and security policies to partners and contractors.
ThreatNG offers a robust solution to manage the risks associated with cloud-based code-sharing platforms:
1. External Discovery: ThreatNG automatically discovers an organization's presence on platforms like GitHub, GitLab, and Bitbucket, even identifying repositories created by employees, partners, or contractors. This external, unauthenticated discovery requires no internal access or agents.
2. External Assessment: ThreatNG evaluates the risks associated with discovered repositories.
Sensitive Code Exposure Module: This investigation module analyzes exposed public code repositories to uncover digital risks, including Access Credentials (API Keys, Access Tokens, Generic Credentials, Cloud Credentials, Security Credentials, Other Secrets), Database Exposures (Database Files and Database Credentials), Application Data Exposures, Activity Records, Communication Platform Configurations, Development Environment Configurations, Security Testing Tools, Cloud Service Configurations, Remote Access Credentials, System Utilities, Personal Data, User Activity, and Mobile Apps.
Online Sharing Exposure Module: This module identifies and assesses the organization's presence on online code-sharing platforms, which inherently involves analyzing the code repositories for exposed sensitive information.
Data Leak Susceptibility: ThreatNG combines code analysis findings with dark web presence and domain intelligence for a comprehensive data leak susceptibility rating. This helps prioritize critical risks.
3. Continuous Monitoring: ThreatNG monitors the organization's presence on these platforms and other external sources for changes or new exposures. This ensures that any new content containing sensitive information is quickly identified and addressed.
4. Investigation Modules: ThreatNG offers modules to investigate identified risks.
Online Sharing Exposure Module: Provides details about the organization's presence on code-sharing platforms, including specific repositories, content, and associated accounts.
Sensitive Code Exposure Module: Analyzes exposed code for sensitive information, breaking down potential risks.
Domain Intelligence, IP Intelligence, and Certificate Intelligence Modules: Gather context about shared code, including associated domains, IP addresses, and certificates, helping identify the source of exposure and assess the potential impact.
5. Policy Management: ThreatNG enables organizations to define and enforce cloud-based code-sharing platform usage policies.
Customizable Risk Configuration and Scoring: Organizations can customize the risk scoring model to align with their risk tolerance and prioritize critical exposures.
Dynamic Entity Management: Define and track entities like employees, partners, and contractors to ensure that their shared content is monitored.
Exception Management: Provides granular control over investigations, allowing focus on the most relevant risks.
Pre-built Policy Templates: Offers templates as a starting point for code-sharing platform usage policies.
6. Intelligence Repositories: ThreatNG's intelligence repositories, including dark web data and compromised credentials, enrich the analysis of exposed code.
7. Working with Complementary Solutions: ThreatNG integrates with other security tools like SIEM systems and threat intelligence platforms.
Examples of ThreatNG Helping:
Identifying a leaked API key: ThreatNG discovers a repository on GitHub containing an API key. The organization can then revoke the key.
Detecting a vulnerability: ThreatNG identifies a vulnerable code snippet in a public GitLab repository. The organization can then patch the vulnerability.
Protecting intellectual property: ThreatNG alerts on a public Bitbucket repository containing proprietary code, allowing the organization to take it down.
Examples of ThreatNG Working with Complementary Solutions:
Correlating with SIEM events: ThreatNG's alerts are correlated with SIEM events for a comprehensive security view.
Enriching threat intelligence: ThreatNG's intelligence repositories enrich threat intelligence feeds.