Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io
Cloud Threat Landscape
/Defenses
Defenses
/
Secret Scanning

Secret Scanning

Type
Active Scanning
D3FEND Tactic
File Analysis (D3-FA)
TL;DR

Detects at-risk secrets across an organization's systems.

Description

The process of automatically detecting exposed or cleartext secrets like API keys, passwords, and certificates, within an organization's systems.

Techniques
Abuse access to existing KMS keyCredential harvesting from code repositoryRegistry secret scanning

Made with 💙 by Wiz

Last Updated: April 3, 2025