This was both refreshing and humbling.
Didn’t know such easy-to-learn tools to get into the AppSec space even existed or were this accessible.
Would be great to see videos on your Career, how you knew Security was for you, & what you do to keep up to date with the latest trends in this Space.
Thanks to this guy I put my hands on the keyboard, learning a bit of hacking all night. Thanks John.
I just started. Very fun but a bit overwhelming to begin with!
@MakN. Just be patient. I suggest starting with picoCTF and using Google a lot. The point is to learn. Even check the write-up. Try to find a similar problem and try to solve it by yourself.
@dajiru1976 Thanks :) Just did my first HackTheBox today with some reverse TCP. Slowly slowly 😁👍
@dajiru1976 Which picoCTF challenge did you start with?
@MakN. What was your background before doing your first CTF?
Thanks for putting out super cool videos frequently. I'm always excited to watch them.
Me too
Thanks John, you make me realize how vulnerable the apps we have developed are. We were only focusing on the end-user requirements.
Wow, Snyk is awesome! What a great idea for security programs for startups and projects, and even better, it’s open-source!
Yeah it seems to be a pretty good info-sec service, although a bit of a logistical nightmare for the devs.
@kopuz.co.uk. Haha, I can only imagine the headaches 😂
@kopuz.co.uk. But it clearly points out where in the dev’s code they need to take things a bit more seriously and learn from as they develop in their software development career. What’s so bad about having such a proactive tool, one that still spoon-feeds you on where to look in your code specifically, at your disposal?
I saw the thumbnail and thought "I need to see Ed Sheeran fixing vulnerabilities".
SNYK is OP ❤️
Hey look... Guy from THM
I would have preferred you to disclose the sponsorship at the beginning of the video, not 20 seconds from the end.
Otherwise, great demo and a lot of potential from using Snyk for CTF!
When are you making your own tutorial video so that you can announce your sponsorship 10 seconds into the video?
Secondly, there's nothing wrong with sponsorship as long as the tool does what it promises.
Don’t see why folks think every YouTuber that snags a sponsorship deal is selling a bullcrap product and forcing it down people’s throats.
@1anre I never said that sponsorships are wrong. But if you follow the FTC guidelines, it should be HARD to miss. Therefore, my critique stands: make it so that it is known at the beginning of the video and not the end.
Super cool! Great video as always, bro.
Great ad, John! Thanks for putting this together. I hope they paid you BIG $$$ for that 1/2 hour ad.
Nah. The tool does what it’s supposed to do.
Get a life
Thank you for everything you do 😊
Could you use this in a King of the Hill to hold off the others?
For the next vid, please fix your mic settings. Listening through a headset. Audio is clipping badly. Turn that gain down a bit 😉
Very interesting topic. I have to say, though, the audio is a bit clippy.
What application launcher are you using? :)
@John Not to discredit Snyk and similar tools, which I'm sure do more than check your dependency management (e.g. trying RCEs using libraries that are in use, like what they call ImageTragick), but running `npm audit` and `npm audit fix` would capture what is in this video.
Can you do a video to show all these clearly?
Amazing video again, John. I have a question: in order to understand all those kinds of web attacks, is it better to know the technology, like building a Node app or PHP app, and see why the vulnerability existed in the first place? Like NoSQL injection etc.
Now add backwards compatibility to the mix!
I see how this could work in a CI/CD context on new apps though.
It premieres at 3am for me; I have to watch it when I wake up.
Don’t forget to register your copy of Sublime Text 😄
This is definitely a legit tool!! I hope to see more iterations of this in the future as the importance of "shifting left" becomes the norm.
Dope!
Hey, where can I learn Python scripting? Like to automate tasks and make tools. Can you suggest some good resources?
sick!
Nice!
Diggin the shirt, I have one myself :D
I'd love to see Snyk target Mutillidae or Juice Shop or one of those.
What are those particularly?
@1anre Deliberately vulnerable applications for learning and illustrating vulnerabilities and flaws in software.
I enjoy your videos but your mic is either too close to your mouth or the signal is a bit hot causing distortion. :)
Yeah, Snyk is also incorporated into Chrome's dev tools. If you run Lighthouse tests it generates that report and refers you to Snyk too, good.
Bro, I am in depression after seeing a couple of your videos. So much I have to learn. I was thinking I knew something about hacking; now it seems I know nothing 😞
Hahaha. 1 year later, how has the learning journey been?
Hope you’re less overwhelmed and can teach us a thing or two from what you’ve picked up over the last year?
I'm literally making a web app vulnerability scanner right now for my A-level NEA project, wow 😂
What's an A-level NEA project?
@UnknownSend3r I'm currently studying computer science at A-level. Part of the spec is that you have to build a piece of software, which is called your NEA (non-examined assessment).
Hello 👋
IppSec vs John Hammond pls
Don’t sub or like non-music, but love the video.
You hit ignore on most of them.
Sir, is there any giveaway?
(11:05)-Encoding
We need some kind of script that scans a real URL and finds how to hack it.
No you don’t.
KOTH Nuke button
Have to give it a dislike as you don't say it's a paid promotion/sponsored video till the end, basically an advertisement.
Makes you look dodgy/questionable/untrustworthy.
Have seen a couple (read: 2 or 3) of your other videos and they were interesting, but this makes me question your integrity.
Nah. Flawed criticism.
If he didn’t even mention it in the video in the first place, would your wise self know, or would you be able to throw any tantrum then? Doubt it.
Enjoy the free content and move along.
The tool is cool and all, but mention "includes paid promotion".
Someone hacked your YouTube channel? Is it a deepfake video?