YoVDO

Using Snyk to Find & Fix Vulnerabilities

Offered By: John Hammond via YouTube

Tags

- Penetration Testing Courses
- Cybersecurity Courses
- Docker Courses
- GitHub Courses
- Directory Traversal Courses
- Web Application Security Courses
- Vulnerability Assessment Courses
- Snyk Courses

Course Description

Overview

Explore the power of Snyk in identifying and fixing vulnerabilities through a hands-on demonstration using the HackTheBox Cyber Apocalypse CTF challenge. Learn about Snyk's capabilities, including its free tier, and how to integrate it with GitHub. Discover and deploy Goof, a vulnerable web application, to practice finding security issues like directory traversal and file access. Dive into Snyk's vulnerability database and learn how to patch vulnerabilities effectively. Apply these skills to the BlitzProp challenge, focusing on prototype pollution and remote code execution. Follow along as the video guides you through deploying the challenge with Docker, exploiting the vulnerability, and using Snyk to patch it. Conclude by validating the fix and gaining valuable insights into practical application security.

Syllabus

- Intro: BlitzProp HackTheBox Cyber Apocalypse CTF challenge.
- What is Snyk?
- Snyk can be FREE!
- Connecting Snyk to GitHub.
- Discovering Goof, the Vulnerable Web App.
- Deploying Goof.
- Interacting with Goof.
- Finding Directory Traversal/File Access.
- Snyk Vulnerability Database.
- Patching Vulnerabilities with Snyk.
- Pivoting back to the HackTheBox BlitzProp challenge.
- Finding Prototype Pollution and RCE with Snyk.
- Deploying the BlitzProp challenge with Docker.
- Exploiting the Prototype Pollution vulnerability.
- Using Snyk to Patch the Vulnerability.
- Validating the change with our exploit.
- Wrap Up & Thank You.


Taught by

John Hammond

Related Courses

- Hands-on Penetration Testing Labs 4.0 (Udemy)
- ASP.NET Security (LinkedIn Learning)
- Secure Development, Programming, and Coding with Veracode (Cybrary)
- How to Identify and Exploit CVE-2021-43798 - Grafana Unauthenticated Directory Traversal (NahamSec via YouTube)
- Win the 0-Day Racing Game Against Botnet in Public Cloud (Black Hat via YouTube)