BUSINESS TECHNOLOGY MEDIA COMPANY
Companies
Sectors

Praetorian's Nosey Parker detects secrets in code

Read time 1min 50sec

Offensive cyber security company Praetorian has introduced Nosey Parker, a new module for its recently announced Chariot Platform. 

Chariot is a total attack lifecycle solution that includes an intelligent attack surface management platform and offensive security managed service.

According to the company, the inadvertent exposure of confidential data is one of the more common ways attackers gain a foothold in the organisation.

Nosey Parker aims to address the pervasive and persistent problem of secret exposure in source code and configuration files, which includes sensitive information like passwords, API keys, access tokens, asymmetric private keys, client secrets and credentials.

Machine learning-powered, Nosey Parker is a multi-phase solution that enables application security engineers, cloud security engineers, site reliability engineers, and developers to detect secrets in code. The scanner consists of a pure regular expression (regex) pattern matcher, a ML-based de-noiser to eliminate false positives, and a powerful, standalone ML scanner which is not limited by any predefined set of patterns.

The solution also has a significantly higher signal-to-noise ratio than many other alternatives, Praetorian says. “With the ML de-noiser, false positives are all but eliminated. Moreover, the standalone ML-powered scanner has the ability to find secrets that are difficult or impossible to write precise patterns for.”

Total attack lifecycle solution

Last week, Praetorian released Chariot, a total attack lifecycle solution featuring an intelligent attack surface management (ASM) platform and offensive security managed service.

Using automation and artificial intelligence, the Chariot platform identifies attack surface exposure points using both outside-in (adversarial) and inside-out (cloud-integration) knowledge to prioritise risk.

The inadvertent exposure of confidential data is one of the more common ways attackers gain a foothold in the organisation.

Praetorian

The company’s red team experts then extend the technology by emulating the latest attack techniques to validate compromise paths and integrate into customer enterprise security teams to eliminate false positives and speed risk mitigation.

The aim, according to Praetorian, is for its security engineering and knowledge to help overburdened security teams facing talent shortages and rapidly changing Internet-based environments to identify, attack, detect and prevent real compromises within minutes.

See also