Welcome to lesson 2.5. This is the summary of module number two.
So in this module we started off talking about the web app stack and all the components, making sure we understand the complexity in each one of the layers and understanding all the different application servers, the web servers,
the database servers, the different types of programming languages, the interfaces, why we need to protect each one of those, and why we need to select the tools that can help identify these vulnerabilities during the DevSecOps pipeline.
I talked about the difference between static and dynamic analysis, why we need both of them, why we need to do software composition analysis, the SCA, on third-party libraries so that we could protect supply chains, protect the application,
looked at misconfigurations, how those could be vulnerabilities as well that we may not see in the static analysis, that may show up in a dynamic analysis when we're actually looking at security in the app server, the web server.
And then we took a very brief look at Jenkins so that we have the basis and the understanding of what we're gonna be building on. So with all this together, I think we're ready now to finally start working on the pipeline. The first step is gonna be planning and awareness, where we're developing or identifying what we need before the developers actually start writing the code.
So the final quiz for the module:
Which attack vector uses request manipulation to trick back-end servers into believing the traffic originated from a trusted source?
Is this called server-side request forgery, SSRF? Is this injection, or is this cross-site scripting?
It's SSRF, which uses the manipulation of requests to trick a proxy or front-end server into sending requests to internal hosts to gain access to the internal data.