Absolutely! Another reason why it's recommended to use frameworks over rolling out custom code. Of course users can still make mistakes when implementing, and/or frameworks can still have vulnerabilities, but it helps a lot!
@@Cybrcom If it is full tutorial. I want to see you go to detail on each part of the process. and example on those. Not just mention. What you used are just using prebuilt or existing rule. you didn't go through the custom rule. you haven't show the CLI version of this service. So in my oppinion, it not worth to be called "Full Tutorial"
Sorry, I put the wrong link to the cheat sheet at the end of the video and missed the error before uploading. Click on the link in the info card instead!
Are you encountering issues? It should work the same, just using Azure credentials instead of AWS. More details here: docs.prowler.com/projects/prowler-open-source/en/latest/#azure
Glad you liked it! We just released a free cheat sheet you can download here: cybr.com/terraform-cheat-sheet And we released a Terraform course last week: cybr.com/courses/terraform-on-aws-from-zero-to-cloud-infrastructure/
But if I'm an attacker targeting a popular website that isn't escaping script tags, won't I have to take lots of additional steps to get the response page with the malicious script sent to another web application user that isn't me? I assume if I wanted to do this with Google (and if Google was vulnerable), I would send the script in the search bar, then Google would respond to MY machine with the page with malicious payload. Not seeing how that would be dangerous to anyone but the attacker.
Yes and no. What you've described is basically a form of Self-XSS. Some apps may only be vulnerable to that degree and nothing more, in which case the impact is minimal (but not non-existent -- look up Self-XSS examples), but a lot of times it's just the starting point. If an attacker finds a vulnerability like that, they will have to take extra steps (sometimes many extra steps) to find a way to exploit it at a larger/more impactful scale. But, some XSS can be submitted via URLs (think phishing), while other XSS (like stored XSS) would be permanently added to a web page (think comments like this one or other permanent user-submitted inputs) where my XSS gets loaded for every user viewing this comment, as an example.
Hey if we shut down our system or close the docker seession do we need to download them again . and btw i love your videos and content you provide . THANKS FOR THEM , you are just helping us more than you think.!!!
You don't need to re-download the docker images, you can just re-launch a new container with the same image(s). But if you take actions in the container, those actions will get wiped every time you shut down the system or destroy the container. You can get around this if you need to by setting up persistent storage though: docs.docker.com/guides/docker-concepts/running-containers/persisting-container-data/
i am following the exact steps except sqlmap is not doing anything it just stopped : sqlmap -u 127.0.0.1/vulnerabilities/sqli/?id=212&Submit=Submit# --cookie="v09fjlf03mjchvfgi9rceelrs1;security=low" --tables [INFO] testing connection to the target URL got a 302 redirect to '127.0.0.1/login.php'. Do you want to follow? [Y/n] [6]+ Stopped sudo sqlmap -u 127.0.0.1/vulnerabilities/sqli/?id=212
What do you mean by full time access? If you purchase a membership, you’ll have access to all of our training materials. If you purchase single courses, you’ll only have access to that course’s materials but access will never expire
how can i prepare for the pbq's aside from the 5 questions u provide? i have seen some people mention logs, firewall configuration, determining which computer is infected w/ malware but I can't see how i could prepare for pbq's if i don't know what they will consist of in the exam?
PBQs can consist of any of the domains listed in the official CompTIA objectives. That tells you roughly what you could expect to see on the exam between the multiple choice and PBQ questions, and all of those mentioned topics in your comment are good places to start and focus on, but of course we can't tell you exactly what you will get on your exam or it wouldn't be an exam :). Don't stress too much about them since there are only a few on the exam. Study as best you can and you will do fine!