YoVDO

Using Snyk to Find & Fix Vulnerabilities

Offered By: John Hammond via YouTube

Tags

Penetration Testing Courses Cybersecurity Courses Docker Courses GitHub Courses Directory Traversal Courses Web Application Security Courses Vulnerability Assessment Courses Snyk Courses

Course Description

Overview

Explore the power of Snyk in identifying and fixing vulnerabilities through a hands-on demonstration using the HackTheBox Cyber Apocalypse CTF challenge. Learn about Snyk's capabilities, including its free tier, and how to integrate it with GitHub. Discover and deploy Goof, a vulnerable web application, to practice finding security issues like directory traversal and file access. Dive into Snyk's vulnerability database and learn how to patch vulnerabilities effectively. Apply these skills to the BlitzProp challenge, focusing on prototype pollution and remote code execution. Follow along as the video guides you through deploying the challenge with Docker, exploiting the vulnerability, and using Snyk to patch it. Conclude by validating the fix and gaining valuable insights into practical application security.

Syllabus

- BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro.
- What is snyk?.
- Snyk can be FREE!.
- Connecting Snyk to Github.
- Discovering Goof, the Vulnerable Web App.
- Deploying Goof.
- Interacting with Goof.
- Finding Directory Traversal/File Access.
- Snyk Vulnerability Database.
- Patching Vulnerabilities with Snyk.
- Pivoting back to the HackTheBox BlitzProp challenge.
- Finding Prototype Pollution and RCE with Snyk.
- Deploying the BlitzProp challenge with Docker.
- Exploiting the Prototype Pollution vulnerability.
- Using Snyk to Patch the Vulnerability.
- Validating the change with our exploit.
- Wrap Up & Thank You.


Taught by

John Hammond

Related Courses

Computer Security
Stanford University via Coursera
Cryptography II
Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Building an Information Risk Management Toolkit
University of Washington via Coursera
Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network