Focused crawls are collections of frequently-updated webcrawl data from narrow (as opposed to broad or wide) web crawls, often focused on a single domain or subdomain.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Describe the bug
CKV_GCP_14 requires a backup configuration, but it does not take into consideration read replicas.
A read replica cannot have backup enabled in GCP.
To Reproduce
Steps to reproduce the behavior:
Create a google_sql_database_instance with master_instance_name and replica_configuration
Safety parser relly on a DB of vulnerabilities with CVE infos. This databases is upgraded/modified every month.
This pb is that our unit tests relly on this changing file.
We need to do one of these options:
fix the DB file for unit tests
remove completely this feature and wait that the CVE info come from the report (I pushed a pull request upstream to have CVE directly in the JSON rep
When scanning a repo, if the severity field is not all caps (HIGH|MEDIUM|LOW), when violations are output, the color of the severity field does not show up. The compare should be case-insensitive, OR we can normalize the severity field.
Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
When viewing vulns in the Audit Vulnerabilities tab. the Analysis column appears to contain code (enum?) names, e.g. NOT_SET, FALSE_POSITIVE. This problem also occurs in Policy Violations tab.
Steps to Reproduce:
Open the Audit Vulnerabilities tab.
Expected Behavior:
The Analysis column contains language specific analysis values, e.g. Not Set, False Positive
Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
As developers of the securecCodeBox we want to release new scanner versions more frequently.
To enable us to update more frequently we need some kind of notification for the new scanner version.
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Describe the bug
CKV_GCP_14 requires a backup configuration, but it does not take into consideration read replicas.
A read replica cannot have backup enabled in GCP.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Read replicas