OWASP AppSec DC 2012/Friends dont let friends store passwords in source code

The Presentation
Passw3rd is a encryption library intended to encrypt and store passwords outside of source code. This is a problem that has been solved in hundreds of half-baked ways, or it is a problem that is often overlooked. Some advantages of keeping credentials out of source code are: Credentials are not passed around when source code is shared. Unintentional exposure of source code does not reveal credentials. Read-access to source code can be much more permissive. Source code can be checked into version control systems without concern for exposure of credentials. It is easier to change credentials without having to worry about changing all instances. Leaving credentials in source code leads to poor password management in general. If changing a credential requires you to change code, you are less likely to want to do it. https://github.com/oreoshake/passw3rd

The Speakers
Neil Matatall