BeVigil secrets scanning partner program

BeVigil Secret Scanning Partner ProgramGet instant alerts every time BeVigil discovers leakage of API keys/tokens/secrets, caused due to your customers accidentally hardcoding sensitive secrets in their mobile app source code

Enable Alerts now!

Secrets Identified till date

API Keys

838K

Auth Tokens

150K

Buckets

697K

Unique Rules

400+

Steps to quickly get started

Step 1: Register

The first step is to provide Vendor details including Name, Company name and an email address to which the alerts will be delivered if the alert channel is set to 'Email'

Step 2: Add Custom Pattern

The second step enables adding multiple pattern names and pattern regexes to be configured. BeVigil scan engine will monitor for this regex and alert for matches

Step 3: Alerts

In the final step, vendors provide the preferred channel to receive alerts. Currently, email, webhook, and Slack webhook are the supported channels.

Recently reported incidents due to Hardcoded Secrets

How Leaked Twitter API Keys Can be Used to Build a Bot Army

CloudSEK’s BeVigil, the world’s first security search engine for mobile apps, uncovered 3207 apps, leaking Twitter API keys, that can be utilized to gain access to or to take over Twitter accounts.

Aug 01, 2022

Hardcoded GitHub Personal Access Tokens Leak 159 Private Repositories

Our researchers using BeVigil, a security search engine, were able to find 159 private GitHub repositories that contained the source code of 10 organizations.

Jun 22, 2022

Exposed HubSpot API Keys Compromise 1.6 Million Users’ Data

Over 1.6 million names, emails, and contact numbers are exposed by apps with hardcoded HubSpot API keys. HubSpot issues its users with API keys that developers utilize in their applications.

Feb 15, 2022

Exposed Payment Integration API Keys Imperil Millions of Users’ Transaction Details and PII

During our investigation, we found that out of the 13,000 apps currently uploaded to BeVigil, ~250 apps used the Razorpay API to enable financial transactions. And ~5% of these apps, i.e. 10 apps were found to be exposing their payment integration key ID and key secret

Sep 16, 2021

Mobile Apps Exposing AWS Keys Affect 100M+ Users’ Data

CloudSEK’s BeVigil, a security search engine for mobile apps, has found that 0.5% of mobile apps expose AWS API keys, thus putting their internal networks and data at high risk.

Apr 27, 2021

The Surge of Cybersecurity Challenges in Neobanking

CloudSEK’s BeVigil, a security search engine, scanned widely used Neobanking apps and found a wide array of security vulnerabilities leading to exposure of secrets/sensitive data, dangerous permissions compromising user’s security, and found trackers in apps resulting in severe privacy compromises

Feb 8, 2022

Unraveling Assets from Android Apps at Scale

Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited.

Mar 17, 2022

Enable Alerts now!

BeVigil - The internet's first and only security search engine for mobile apps

Instantly find the risk score of any app

Search over app metadata

View and browse through the application code

You will be able to analyze code at scale and easily search for API keys, regexes, etc to see the matches in different files of an application. Analyze quality, patterns, and security bugs in code. Investigate other parts of the application using our application file browser.

Security Report and Risk Score

Find vulnerabilities/ secrets in applications from the APK scanner report. Enable app developers and organizations to be proactive by tracking security issues and repackaging their applications. Find vulnerabilities / secrets in applications.

APK Scanning on demand

Mitigate the risk of irrelevant results for those wishing to discover vulnerabilities within a specific application. Choose to directly upload your application files to the platform.