Inject secretsvia anenvironmentvariable intoyour appAlways use pre-approved datatransfer channelswhen dealing withclient’s or EPAMproprietary dataDo not publishEPAM or EPAMclientsproprietary codeto publicrepositoriesAlways usecorporate toolssuch as MS Teamsto sharescreenshots andvideo portal toshare a videosTo share informationwith a customer, usecorporate FTPservers, which havebeen designedspecifically for thispurposeNeversharepersonalpasswordsNever commitsecrets (keys,password,certificates) toGit repositoriesUse a passwordmanager thatsecurely stores andmanages thepasswords for youraccounts anddevicesNever store SSHkeys andcertificates in thesame directoriesas their sourcecodeAvoidsendingpasswords inemail or chatDo not store orshare secretinformationon publicsource coderepositories, suchas GitHub andBitbucketDo not ignorethe securityof test anddevelopmentenvironmentsNeverreuse yourcredentialsDo not usebrowsers tostore anykind of logininformationNever create afile on yourcomputer tostore your logininformationAlways usesecretsmanagement toolssuch as EPAMHashiCorp VaultInject secretsvia anenvironmentvariable intoyour appAlways use pre-approved datatransfer channelswhen dealing withclient’s or EPAMproprietary dataDo not publishEPAM or EPAMclientsproprietary codeto publicrepositoriesAlways usecorporate toolssuch as MS Teamsto sharescreenshots andvideo portal toshare a videosTo share informationwith a customer, usecorporate FTPservers, which havebeen designedspecifically for thispurposeNeversharepersonalpasswordsNever commitsecrets (keys,password,certificates) toGit repositoriesUse a passwordmanager thatsecurely stores andmanages thepasswords for youraccounts anddevicesNever store SSHkeys andcertificates in thesame directoriesas their sourcecodeAvoidsendingpasswords inemail or chatDo not store orshare secretinformationon publicsource coderepositories, suchas GitHub andBitbucketDo not ignorethe securityof test anddevelopmentenvironmentsNeverreuse yourcredentialsDo not usebrowsers tostore anykind of logininformationNever create afile on yourcomputer tostore your logininformationAlways usesecretsmanagement toolssuch as EPAMHashiCorp Vault

Securtiy bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
  1. Inject secrets via an environment variable into your app
  2. Always use pre-approved data transfer channels when dealing with client’s or EPAM proprietary data
  3. Do not publish EPAM or EPAM clients proprietary code to public repositories
  4. Always use corporate tools such as MS Teams to share screenshots and video portal to share a videos
  5. To share information with a customer, use corporate FTP servers, which have been designed specifically for this purpose
  6. Never share personal passwords
  7. Never commit secrets (keys, password, certificates) to Git repositories
  8. Use a password manager that securely stores and manages the passwords for your accounts and devices
  9. Never store SSH keys and certificates in the same directories as their source code
  10. Avoid sending passwords in email or chat
  11. Do not store or share secret informationon public source code repositories, such as GitHub and Bitbucket
  12. Do not ignore the security of test and development environments
  13. Never reuse your credentials
  14. Do not use browsers to store any kind of login information
  15. Never create a file on your computer to store your login information
  16. Always use secrets management tools such as EPAM HashiCorp Vault