HackTheBox CA CTF - Using Snyk to Find & Fix Vulnerabilities

This was both refreshing and humbling.

Didn’t know such easy-to-learn tools to get into the AppSec space even existed or were this accessible.

Would be great to see videos on your Career, how you knew Security was for you, & what you do to keep up to date with the latest trends in this Space.

We need some kind of script that scans real url and find how to hack it

Have to give it a dislike as you don't say it's a paid promotion/sponsored video till the end, basically an advertisement.

Makes you look dodgy/questionable/untrustworthy

Have seen a couple (read 2 or 3) your other videos and they were interesting, but this make me question your integrity.

Now add backwards compatibility to the mix!

I see how this could work in a CI/CD context on new apps though.

what application launcher are you using? :)

Could you use this in a King of the Hill to hold off the others?

Thanks John , You make me realize how vulnerable the apps we have developed . We were only focusing on the end-user requirement .

Tool is cool and all, but mention "includes paid promotion"

You hit ignore on most of them.

I'd love to see Snyk target Mutilidae or Juice Shop or one of those

Bro, I am in depression after seeing your couple of videos.. So much I have to learn..I was thinking I know something about hacking, now it seems I know nothing😞

@John not to discredit Snyk and similar tools that I'm sure do more than check your dependency management (e.g. trying RCEs using libraries that are used like what they call ImageTragick), running `npm audit` and `npm audit fix` would capture what is in this video.

I saw the thumbnail and thought "I need to see Ed Sheeran fixing vulnerabilities".

I'm literally making a web app vulnerability scanner right now for my a level NEA project wow 😂

<3

Dope!

Hey from where can i learn python scripting? like to automate tasks and make tools. can you suggest some good resources?

I cannot believe you have never heard of them. We have been using them for like 2 years

Diggin the shirt, I have one myself :D

sick!

Don’t sub or like non music but love the video

yea synk is also incorporated into chromes dev tools.. if u run lighthouse tests it gens that report and refers u to snyk too good

Super cool ! Great video as always bro

Don’t forget to register your copy of Sublime Text 😄

Great ad, John! Thanks for putting this together. I hope they paid you BIG $$$ for that 1/2 hour ad.

For next vid, please fix your mic settings. Listening through headset. Audio is clipping badly. Turn that gain down a bit 😉

I would have prefer you to disclose the sponsorship at beginning of the video not at 20 seconds from the end.

Otherwise great demo and a lot of potential from using snyk for CTF!

lol "The BESTest todo app "evar"

ippsec vs john Hammond pls

Nice!

Thank you for everything you do 😊

This is definitely a legit tool!! I hope to see more iterations of this in the future as the importance of "shifting left" becomes the norm.

KOTH Nuke button

Sir is there any giveaway

I enjoy your videos but your mic is either too close to your mouth or the signal is a bit hot causing distortion. :)

Wow Snyk is awesome! What a great idea for security programs for startups and projects and even better it’s open-source !

Amazing video again john. I have a question in order to understand all that kind of web attacks is it better to know the technology like building a node app or php app and see why the vulnerability existed in first place? Like No sql injection etc.

SNYK is OP ❤️

Very interesting topic. I have to say tho, the audio is a bit clippy

Thanks to this guy I put my hands on keyboard, Learning all nights a bit of hacking. Thanks John.

Thanks for bringing up super cool videos frequently. i'm always excited to watch them out

Hello 👋

It premieres at 3am for me I have to watch it when I wake up.