BeVigil Secret Scanning Partner Program
Get instant alerts every time BeVigil discovers leakage of API keys/tokens/secrets caused by your customers accidentally hardcoding sensitive secrets in their mobile app source code.
Secrets Identified till date
Steps to quickly get started
Step 1: Register
The first step is to provide vendor details, including name, company name, and an email address to which the alerts will be delivered if the alert channel is set to 'Email'.
Step 2: Add Custom Pattern
In the second step, vendors configure one or more pattern names and their pattern regexes. The BeVigil scan engine monitors for these regexes and alerts on matches.
Step 3: Alerts
In the final step, vendors provide the preferred channel to receive alerts. Currently, email, webhook, and Slack webhook are the supported channels.
Recently reported incidents due to Hardcoded Secrets
How Leaked Twitter API Keys Can be Used to Build a Bot Army
CloudSEK’s BeVigil, the world’s first security search engine for mobile apps, uncovered 3207 apps leaking Twitter API keys that can be utilized to gain access to or take over Twitter accounts.
Aug 01, 2022
Hardcoded GitHub Personal Access Tokens Leak 159 Private Repositories
Our researchers, using BeVigil, a security search engine, were able to find 159 private GitHub repositories that contained the source code of 10 organizations.
Jun 22, 2022
Exposed HubSpot API Keys Compromise 1.6 Million Users’ Data
Over 1.6 million names, emails, and contact numbers are exposed by apps with hardcoded HubSpot API keys. HubSpot issues its users with API keys that developers utilize in their applications.
Feb 15, 2022
Exposed Payment Integration API Keys Imperil Millions of Users’ Transaction Details and PII
During our investigation, we found that out of the 13,000 apps currently uploaded to BeVigil, ~250 apps used the Razorpay API to enable financial transactions. And ~5% of these apps, i.e. 10 apps, were found to be exposing their payment integration key ID and key secret.
Sep 16, 2021
Mobile Apps Exposing AWS Keys Affect 100M+ Users’ Data
CloudSEK’s BeVigil, a security search engine for mobile apps, has found that 0.5% of mobile apps expose AWS API keys, thus putting their internal networks and data at high risk.
Apr 27, 2021
The Surge of Cybersecurity Challenges in Neobanking
CloudSEK’s BeVigil, a security search engine, scanned widely used Neobanking apps and found a wide array of security vulnerabilities leading to exposure of secrets/sensitive data, dangerous permissions compromising users’ security, and trackers in apps resulting in severe privacy compromises.
Feb 8, 2022
Unraveling Assets from Android Apps at Scale
Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited.
Mar 17, 2022
Enable Alerts now!