Try English LT! for engineers #10
2024.03.18
WaTTson
Slide 3
Rookie
@senpai plz help me! I'm stuck at this step....
screenshot.png ▼
Slide 4
Rookie
@senpai plz help me! I'm stuck at this step....
screenshot.png ▼
Senpai
Oh, be careful! Your personal access token is visible in the screenshot
😱
secret:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Slide 5
Senpai
I dedicate this song to you:
"Do not Post Credentials on Slack" High School Song ▼
YouTube
Slide 6
"Do not post credentials on Slack" High School Song
2024.03.18
Slide 7
2022.4 joined freee K.K.
PSIRT: product security incident response team
WaTTson
PSIRT
Takeshi Tokunaga
How to crop the profile image
Slide 8
freee K.K.
Empower Small Businesses
to Take Center Stage
accounting
HR
Tax filing
Founding
Workload management
Smart ordering
Slide 9
Information assets
accounting
● financial information
● accounting journal
● bank account information
● credit card statement
HR
● employee personal information
● attendance
● payroll information
Slide 10
Protect information assets: trust boundary
trust boundary
● do not allow information to go outside the boundary
● strictly control access to the information
Slide 11
Credential information
● user id
● secret id
● password
● client token
● access token
● secret token
● access key
● private key
etc....
Credential information must be treated as securely as the information assets which you can access with it
user id
**********
LOGIN
Slide 12
Rookie
@senpai plz help me! I'm stuck at this step....
screenshot.png ▼
Senpai
Oh, be careful! Your personal access token is visible in the screenshot
😱
# public_channel
secret:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY