• Version
• Download 2
• File Size 347.57 KB
• File Count 1
• Create Date 8 December 2024
• Last Updated 8 December 2024

Early Detection of Hard-Coded Secrets in Software Development: A Multi-Method Approach Integrating Static Analysis, Entropy-Based Detection, and Machine Learning

Mithilesh Ramaswamy, Email: rmith87@gmail.com

Abstract

The inadvertent inclusion of hard-coded secrets—such as API keys, passwords, and tokens—within source code poses significant security risks, potentially leading to unauthorized access and data breaches. Recent studies have highlighted the prevalence of this issue; for instance, GitGuardian's 2023 report revealed a 67% increase in detected hard-coded secrets compared to the previous year, with 10 million new secrets discovered in public GitHub commits in 2022. To address this escalating concern, our research proposes a comprehensive, multi-method approach that integrates static code analysis, entropy-based detection, and machine learning techniques to enhance the early identification of hard-coded secrets during the software development lifecycle. By combining these methodologies, the proposed approach improves detection accuracy, reduces false positives, and provides developers with actionable insights to mitigate security vulnerabilities proactively. This integrated strategy not only strengthens the security posture of software applications but also fosters a culture of secure coding practices among development teams.

Keywords

Shift-Left Security, Secrets Detection, Static Analysis, Entropy-Based Detection, Machine Learning, Hard-Coded Secrets, Secure Development Lifecycle