This course teaches learners how to use Snyk to find and fix vulnerabilities in web applications. By the end of the course, students will be able to connect Snyk to Github, discover and deploy vulnerable web apps like Goof, identify and patch vulnerabilities such as directory traversal and prototype pollution, and validate changes using exploits. The teaching method includes practical demonstrations and hands-on exercises. This course is intended for cybersecurity enthusiasts, web developers, and anyone interested in learning about vulnerability assessment and remediation.
Overview
Syllabus
- BlitzProp HackTheBox Cyber Apocalypse CTF challenge Intro.
- What is snyk?.
- Snyk can be FREE!.
- Connecting Snyk to Github.
- Discovering Goof, the Vulnerable Web App.
- Deploying Goof.
- Interacting with Goof.
- Finding Directory Traversal/File Access.
- Snyk Vulnerability Database.
- Patching Vulnerabilities with Snyk.
- Pivoting back to the HackTheBox BlitzProp challenge.
- Finding Prototype Pollution and RCE with Snyk.
- Deploying the BlitzProp challenge with Docker.
- Exploiting the Prototype Pollution vulnerability.
- Using Snyk to Patch the Vulnerability.
- Validating the change with our exploit.
- Wrap Up & Thank You.
Taught by
John Hammond
