Abhay Bhargav abhaybhargav

  • we45
  • All over the world
import googleapiclient.discovery
import sys

def main(name, url):
    compute = googleapiclient.discovery.build('compute', 'beta')
    result = compute.images().get(project="boreal-rain-289205", image="bti-base").execute()
    config = {
        "name": name,
git clone ${REPO_URL} /root/
/bin/chmod +x /root/${PR_NAME}/setup.sh
/bin/bash +x /root/${PR_NAME}/setup.sh
rm /root/${PR_NAME}/setup.sh
rm /root/${PR_NAME}/.gitlab-ci.yml
rm /root/${PR_NAME}/.gitignore
rm /root/${PR_NAME}/README.md
rm -rf /root/${PR_NAME}/.git
rm /root/set.sh
rm /root/setup.sh
@abhaybhargav
abhaybhargav / caddy_templater.py
Last active September 9, 2020 12:02
Caddy Templater
#!/usr/bin/env python
import json
import argparse
from sys import exit

caddy_dict = {'apps': {'http': {'servers': {'srv0': {'listen': [':443'],
    'routes': [{'match': [],
        'handle': [{'handler': 'subroute',
            'routes': [{'handle': [{'handler': 'reverse_proxy',
@abhaybhargav
abhaybhargav / clarifications.md
Created September 7, 2020 14:14
Points on SCA and SBOM for Verification

Notes on CPE and SWID

  • CPE is being EOL'd, resulting in SWID, which is an ISO-paywalled document (Question: Is this accurate? Because I haven't found any reference to an EOL date)
  • This has also resulted in the splintering of several Platform Vulnerability Databases:
    • Rust's DB
    • NPM for NodeJS
    • PyUP for Python

(Again, not sure if this is accurate)

CycloneDX SBOM Spec

@abhaybhargav
abhaybhargav / Dinis-Cruz-Interview
Last active August 26, 2020 06:18
Dinis-Cruz Interview Discussion Points
Link for Stream: https://streamyard.com/cg32nk4py9
Possible Discussion Points
* Some discussions on his career, and where it's taken him. Especially now with Glasswall, where he seems to have made a shift from AppSec to a more Client-centric product role
* Dinis's take on where AppSec is going
* Wardley Mapping and its value to Threat Modeling
* Graph-based security org/practices/ and some value-added aspects of this process
* Kubernetes, Cloud and Serverless - Predictions, especially from a security perspective
* Anything else he wants to promote or talk about w.r.t. OWASP, etc.
stages:
  - test

run_python_mr_bot:
  image: python:3.7-stretch
  stage: test
  only:
    - merge_requests
  before_script:
    - apt update && apt-get install -y git sudo
const mongoose = require("mongoose");
const Project = require("../db/project.model");
const conf = require("../config/config.dev");
const auth = require("./auth.controller");
const serialize = require("node-serialize");
const base64 = require("base-64");
const mysql = require("mysql");
const log = require("./logger");
//Added some comments
TOKEN=$(http POST http://$1:3000/users/login [email protected] password=superman123 --check-status | jq -r .token)
authRetVal=$?
if [ $authRetVal -ne 0 ]; then
    echo "Unable to Authenticate to Web Service"
    exit 1
fi
http POST http://$1:3000/expenses/update_expense/5ace11e4b10d64111c00adb3/ Authorization:$TOKEN amount=30 merchant="Gunrock Café" name="Dinner at Airport Food Court" isApproved=true --check-status
exploitRetVal=$?
if [ $exploitRetVal -ne 0 ]; then
    echo "Unable to tamper with approval status"
*** Settings ***
Library    Collections
Library    RoboZap    http://127.0.0.1:8090/    8090
Library    RoboNodeJSScan
Library    RoboGit
Library    Playbot    expenser-project    newwebapp2    threatplaybook=http://167.71.144.178:81
Library    OperatingSystem
Library    RoboNpmAudit
Library    REST    http://${TARGET_HOST}:3000    proxies={"http": "http://127.0.0.1:8090", "https": "http://127.0.0.1:8090"}

Answer Key

Please don't look in here before you are actually done with the lab

User Stories <> Abuser Stories <> Threat Scenarios

As a Project Manager, I would like to approve legitimate expenses from my employees after examination

Example Abuser Stories:

  • As a malicious user I would like to approve my own expenses