Abhay Bhargav
  • 9
  • 48 502
What I am Learning and NOT learning in 2021 - As a Cyber-security Professional and CEO
This year, I decided to make a video about what I am planning to learn and NOT learn. I am a technologist who's focused on security. I regularly break and build apps for my customers, as part of my work for we45 (my company).
In this video, I look at specific technologies I want to learn and NOT learn. I describe my motivations in detail. I discuss languages like Nim, VLang, Rust, TypeScript as well as cloud technologies like Azure, AWS, etc. In addition, I talk about database tech like FaunaDB, etc.
Views: 244

Videos

I watched all the security talks at KubeCon NA 2020. This is what I learned
Views: 116, 3 years ago
PKI with Tabitha Sable. Link: [kccncna20.sched.com/event/ekES/pki-the-wrong-way-simple-tls-mistakes-and-surprising-consequences-tabitha-sable-datadog](kccncna20.sched.com/event/ekES/pki-the-wrong-way-simple-tls-mistakes-and-surprising-consequences-tabitha-sable-datadog) - Certificate with the `O` value set to `system:masters` is great to pillage, because it is available even if the cert is delete...
Python's Poetry Package Manager and integration with Source Composition Analysis tool - Snyk
Views: 1K, 3 years ago
Poetry is an awesome new package, build and dependency management framework for Python. It solves a lot of serious issues that previous Python package managers have not been able to solve. Snyk is a source composition analysis tool that scans libraries and project dependencies across multiple languages and platforms, including Python, Go, NodeJS and others. Snyk recently released features that ...
DynamoDB Single Table Data Models: Explainer Video - Maximize AWS DynamoDB Performance
Views: 3K, 3 years ago
In this video, I'll be doing an end-to-end explainer video on Single-Table Data Modeling or Single-Table Design for DynamoDB. Why? Single-Table Data-Models with AWS DynamoDB are a really powerful way of maxing out your database performance. With no unnecessary (and costly) joins, Single Table Data Models deliver high performance for your apps that are backed by DynamoDB. Single-Table Data Model...
Seven Deadly Sins of Containers - Part 2
Views: 210, 5 years ago
This video is AppSecEngineer's Part 1 of Seven Deadly Sins of Container Security. These specifically refer to 7 different mistakes that people and orgs make when running containerized deployments in their environment. Follow @abhaybhargav on Twitter for more content, or subscribe to our blog at www.abhaybhargav.com
AppSecEngineer - Seven Deadly Sins of Container Security - Part 1
Views: 350, 5 years ago
This video is AppSecEngineer's Part 1 of Seven Deadly Sins of Container Security. These specifically refer to 7 different mistakes that people and orgs make when running containerized deployments in their environment. Follow @abhaybhargav on Twitter for more content, or subscribe to our blog at www.abhaybhargav.com
Content-Security-Policy: An Introduction
Views: 43K, 5 years ago
Content-Security-Policy (CSP) is a major control to protect against Cross-Site Scripting attacks. This video talks about both offensive and defensive perspectives of Content-Security-Policy implementations for your application. For more such content, subscribe to my channel dedicated to security: th-cam.com/users/AppSecEngineer
ThreatPlaybook Demo
Views: 148, 6 years ago
Demo of ThreatPlaybook - An Action-Oriented Threat Modeling and AppSec Automation Framework

Comments

  • @shashankbhuvanala2952 16 days ago

    Pls clarify, how do we manage this CSP in SPA (single page applications)... In my case it is React JS

  • @shashankbhuvanala2952 16 days ago

    Nice explanation.. I see very few videos in your video channel. Why?

  • @pratik6649 several months ago

    How can we integrate CrewAI with gradio?

  • @TheBikerr 2 months ago

    Very informative video. One request: please share a link to the source code of the application...

  • @cgutierrezinfor 4 months ago

    Autogen?

    • @abhaybhargav 4 months ago

      Didn’t have the time to cover autogen. Probably make that a separate video

  • @GaneshPrabhuRajendran 6 months ago

    This is the best video for learning CSP

  • @_justinprojects 8 months ago

    very thorough, thanks for the demo!

  • @ajayKumar-yc4mf a year ago

    Very well explained, the details you go into are very helpful

  • @ramanjha2277 a year ago

    This is one of the best videos I have ever seen on any topic.

  • @GopalSinghR1 a year ago

    Excellent Explanation

  • @antonyshaji2008 a year ago

    Much appreciated. Thanks.

  • @AbhayAR a year ago

    My name is also Abhay 😊. I am willing to implement some SAST in Kubernetes, can you guide?

    • @abhaybhargav a year ago

      Please follow AppSecEngineer on TH-cam. We have a lot of material that you'll find useful there: th-cam.com/users/AppSecEngineer

    • @AbhayAR a year ago

      @abhaybhargav Didn’t find any such video on that. Please do share

  • @codedynamics1 2 years ago

    I found this video a while ago and saved it. This is fundamental for websites and web applications to mitigate XSS attacks. I came across a 'trusted scripts assignment' error in the console and after a ton of research I've started implementing a CSP header (you can also use the meta tag to set a CSP), but I still needed more info so I came back here. Thanks for taking time to make this video, Abhay. I can see that you've gone through some lengths to hide personal info before uploading the video, so it's really appreciated and it's going to help a lot.

  • @ellaiyarasankalidass5267 3 years ago

    Great content, learnt a valuable lesson from you as a web developer.

  • @gagangupta1255 3 years ago

    One of the best videos explaining dynamodb pk and sk concepts in real world scenarios

  • @dougthefiddler 3 years ago

    Awesome information - really clear - thanks!

  • @jeganofsathyabama 3 years ago

    Willing to talk to you around some appsec problems that I want to solve for my company. Kindly accept my invite on LinkedIn

  • @olenaback1212 3 years ago

    This is a very perspicuous explanation/intro into CSP! Thanks!

  • @AmanMankar 3 years ago

    Hey Ashish, quick question. If I have 'connect-src *' but have explicitly limited script-src and all other derivatives to a particular domain, how much of a threat is it?

  • @jvusa 3 years ago

    Excellent Video....Thanks a lot sir....

  • @kobicohen3205 3 years ago

    great explanation... good luck Abhay

  • @samuelbotini8547 3 years ago

    wow bro it's an awesome explanation, thanks for this, and your English pronunciation is amazing

  • 3 years ago

    You explained it very well. Concept is clear to me. But how do I get my javascript loaded without errors? I have very little knowledge of Java and have played with it a bit. I found which files are causing the errors, but how do I correct this? Where do I inject the nonce or hash code in my files or remove the errors in my javascripts?

  • @anthygaanthygaayipoyie2515 3 years ago

    Hi, I'm Vasantha. You are using dynamobase for importing and exporting CSV and JSON files. I'm installing dynamobase as per my factory work, but I have a doubt: how to import CSV files in dynamobase? If possible, please make a video for that. I have one more doubt: how to import one database API to AWS DynamoDB? These are my questions; if possible, do that. Thank you

  • @ritiksahni542 3 years ago

    A great presentation! Loved it.

  • @robl39 3 years ago

    I finally get it. Thanks!

    • @abhaybhargav 3 years ago

      Glad you found it useful

  • @shikharjoshi267 3 years ago

    This video is gold.

  • @dbassett74 3 years ago

    Wouldn't it be more efficient to store the value of the latest version number as an attribute in the v0 record?

  • 3 years ago

    One of the big remarks is that it checks the lock file after the dependency was already added, which could already lead to damage (malware execution during setup step). In an ideal case, it should intercept the "poetry add" (and other commands such as poetry update etc...) and check it before **any code** from the package is executed. (Poetry falls back to setup.py/distutils for packages that are not pure wheels or don't have toml/cfg specified). Is the monitor also possible to cope with dynamic dependencies defined during the installation time? (e.g. via setup.py, not the package metadata coming from pypi). There are many quirks in the installation process of not only poetry but also pip. It's great for finding vulnerable dependencies, but I would be really careful when you worry about potential malware (in PyPI package) as there are many ways to bypass this and achieve code execution/compromise of the system. Source: I've been doing research in this area for the past 3+ years

    • @LiranTal 3 years ago

      Good point Martin. For npm, I created a CLI project called npq - github.com/lirantal/npq. I built it exactly for the reason you brought up. Happy to get your feedback on it in the GitHub repository.

  • @domaincontroller 3 years ago

    07:37 set by the (Application) server 08:19 my web server would indicate to the browser via an HTTP header, from the same origin server

  • @LiranTal 3 years ago

    Thanks Abhay for putting this video up! I'm not a Python user so the intro to Poetry package manager helped me understand how it works and the comparison with pip and requirements.txt was great! Nice and quick setup with Snyk for security monitoring of those open source dependencies.

    • @abhaybhargav 3 years ago

      Thanks Liran. Glad you found it useful. I really liked the simplicity of both these tools and the integration between them as well :)

    • @TheArcherba 3 years ago

      Yes, thanks Abhay. I’m just getting back into some Python, and you did this much better than I could have. Well done!

    • @abhaybhargav 3 years ago

      @TheArcherba Thank you :)

  • @kamalCode 4 years ago

    Sir, plz dynamodb complete advanced professional tutorials for DEVELOPER

    • @abhaybhargav 4 years ago

      I’ll roll out some more videos over time. Thanks 😊

  • @venkateswarareddy5137 4 years ago

    Nice Presentation!

  • @subhadharshini9303 4 years ago

    Presentation was very neat and good. Very much helpful

  • @goodthoughtwelike 4 years ago

    Abhay, this is one of the best presentations. This whole video is able to maintain the curiosity. Thanks a lot.

    • @abhaybhargav 4 years ago

      Thank you very much for your compliments :)

  • @AmarSingh-uw1db 4 years ago

    Awesome, explanation sir great 👍

  • @hitnahsin 4 years ago

    Thanks for the information, explanation and your time!!!

  • @johnybandlamudi1838 4 years ago

    Thank you for the detailed explanation.

  • @sundargeek4915 4 years ago

    Dude, This is good <3

  • @aravindgop1 4 years ago

    It was a very professional presentation.. I especially liked the courtesy links that you have posted towards the end ... 👍🏻

  • @alucardjp1 4 years ago

    Great video

  • @sandeepdantuluri3414 5 years ago

    Great n unique way of explanation sir. Waiting to learn more concepts 👌👌