Explore the power of Snyk in identifying and fixing vulnerabilities through a hands-on demonstration using the HackTheBox Cyber Apocalypse CTF challenge. Learn about Snyk's capabilities, including its free tier, and how to integrate it with GitHub. Discover and deploy Goof, a vulnerable web application, to practice finding security issues like directory traversal and file access. Dive into Snyk's vulnerability database and learn how to patch vulnerabilities effectively. Apply these skills to the BlitzProp challenge, focusing on prototype pollution and remote code execution. Follow along as the video guides you through deploying the challenge with Docker, exploiting the vulnerability, and using Snyk to patch it. Conclude by validating the fix and gaining valuable insights into practical application security.
Overview
Syllabus
- BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro.
- What is snyk?.
- Snyk can be FREE!.
- Connecting Snyk to Github.
- Discovering Goof, the Vulnerable Web App.
- Deploying Goof.
- Interacting with Goof.
- Finding Directory Traversal/File Access.
- Snyk Vulnerability Database.
- Patching Vulnerabilities with Snyk.
- Pivoting back to the HackTheBox BlitzProp challenge.
- Finding Prototype Pollution and RCE with Snyk.
- Deploying the BlitzProp challenge with Docker.
- Exploiting the Prototype Pollution vulnerability.
- Using Snyk to Patch the Vulnerability.
- Validating the change with our exploit.
- Wrap Up & Thank You.
Taught by
John Hammond
