Source:-https://portswigger.net A new experiment by a Polish security researcher offers a fresh perspective on the well understood but still all too common problem of developers accidentally publishing secrets to code repositories. Andrzej Dyjak recently ran an experiment to see how long it took before a secret committed to a public repository (such as API or cryptographic keys) was exploited. An AWS key generated using the Thinkst Canary digital tripwire service was first compromised after 11 minutes when posted to GitHub,