Happy hour Week 30

only to "override" a __proto__ property or method

only need to call on a gadget

only to pollute a property or method and have a gadget to call it

only HTML injection allows Prototype pollution

<script>alert()</script>

<b>test</b>

<img src="something" onerror="do()">

' AND 1=1'

YES

NO

Those are scanned by Composition Analysis

Those are manually analysed by AppSec Research

Those are not excluded

KICS scans those

keeping infrastructure as code scanner

keeping intelligent code secure

keeping infrastructure as code safe

keeping infrastructure as code secure

a program inadvertently exposes sensitive information provided without proper encryption or protection.

an attacker alters input parameters to bypass controls or gain unauthorized access to a system or application.

an exception raised during an operation is not properly handled, causing the program to terminate abruptly with an error message.

an application fails to properly handle and restrict XML input containing external entities, potentially leading to information disclosure.

the physical construction or design of engineering prompts for user mechanical devices.

the process of designing instructions given during a CICD pipeline to achieve quality standards.

is the overall impression and satisfaction a person gains from interacting with a product, service, or system, encompassing aspects like usability, accessibility, and emotional response.

the process of designing and optimizing prompts for natural language processing models to enhance their performance and generate more accurate responses.