Open teja7157 opened 5 years ago
@teja7157 Thanks for reaching out! I would definitely recommend reading the "Purpose" section of our README (link below). Additionally, you can check out this video below of Dennis and me (authors) giving a presentation on SEDATED at AppSecCali last year. Hope this helps, let us know if we can be of more assistance.
https://github.com/OWASP/SEDATED#purpose
https://www.youtube.com/watch?v=mNjIhCq4Qfw&t=167s
Thanks, Simeon
Thanks for that but need to get this information about SEDATED
communication for the leaders to understand what risks SEDATED is addressing for the enterprise.
@teja7157 If the following text from the purpose section of our readme is not what you are looking for, can you be more specific as to what you are looking for? From a security perspective, gaining access to sensitive data (like database credentials, user passwords, etc.) has endless potential and very high risks associated with it.
Purpose
With the myriad of code changes required in today's CICD environment developers are constantly pushing code that could unintentionally contain sensitive information. This potential sensitive data exposure represents a huge risk to organizations (2017 OWASP Top Ten #3 - Sensitive Data Exposure). SEDATED℠ addresses this issue by automatically reviewing all incoming code changes and providing instant feedback to the developer. If it identifies sensitive data it will prevent the commit(s) from being pushed to the Git server.
@teja7157 FYI, we just released a new version of SEDATED®, with lots of improvements (see below).
Hi Team, my manager has asked me to draft a document justifying SEDATED in our business.
I provided him this: SEDATED is triggered by a GitHub hook when code is committed to the repository; it checks for sensitive information and rejects the commit if found. This protects sensitive information from being viewed by unauthorized users.
But he would like more information. I am not real familiar with SEDATED. Does anyone have a resource or reference to help me out?