Security Scan for Ubuntu

Refer: https://cisofy.com/lynis/

From John D'Costa: run this to get a full report of the system scan.

$ sudo apt-get install lynis
$ lynis audit system -c

Looking for rootkits:

https://www.theurbanpenguin.com/detecting-rootkits-with-rkhunter-in-ubuntu-18-04/

Browsers failing with inline JavaScript Issues

[10:19 AM] Rohith Poreddy: These are the changes I made to Apache config

# X-FRAME Options
Header set X-Frame-Options SAMEORIGIN

# X-XSS-Protection:
Header always set X-XSS-Protection "1; mode=block"

# X-Content-Type-Options:
Header always set X-Content-Type-Options: nosniff

# Content-Security-Policy
Header set Content-Security-Policy "script-src 'self'; object-src 'self'"

[10:20 AM] Rohith Poreddy: In /etc/httpd/conf/httpd.conf
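
Why the policy above makes inline JavaScript fail, as an added example (not part of the original notes or the chat): this Python script reads a mod_headers line and classifies how the resulting Content-Security-Policy treats inline <script> blocks. The function names are hypothetical, and only the script-src-elem, script-src and default-src source lists are evaluated.

```python
import shlex

# The CSP directive exactly as posted in the chat above.
PAGE_DIRECTIVE = '''Header set Content-Security-Policy "script-src 'self'; object-src 'self'"'''

def csp_from_apache(line):
    """Return the CSP value of a mod_headers 'Header [always] set' line, else None."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0].lower() != "header":
        return None
    args = tokens[1:]
    if args and args[0].lower() in ("always", "onsuccess"):
        args = args[1:]                      # optional condition keyword
    if (len(args) >= 3 and args[0].lower() == "set"
            and args[1].rstrip(":").lower() == "content-security-policy"):
        return args[2]
    return None

def parse_csp(policy):
    """Map directive name -> source list; a repeated directive is ignored."""
    directives = {}
    for part in policy.split(";"):
        words = part.split()
        if words:
            directives.setdefault(words[0].lower(), [w.lower() for w in words[1:]])
    return directives

def inline_script_verdict(policy):
    """Classify inline <script> handling: allowed, nonce-or-hash-only or blocked."""
    d = parse_csp(policy)
    names = ("script-src-elem", "script-src", "default-src")   # fallback order
    sources = next((d[n] for n in names if n in d), None)
    if sources is None:
        return "allowed"                     # nothing governs scripts
    if any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources):
        return "nonce-or-hash-only"          # 'unsafe-inline' is ignored here
    if "'strict-dynamic'" in sources:
        return "blocked"                     # also disables 'unsafe-inline'
    return "allowed" if "'unsafe-inline'" in sources else "blocked"

if __name__ == "__main__":
    policy = csp_from_apache(PAGE_DIRECTIVE)
    print(policy, "->", inline_script_verdict(policy))
```

With the policy from the chat, inline <script> blocks have to move into same-origin .js files or carry a nonce or hash that is listed in script-src.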

Struts 2 Vulnerability

Checking for the vulnerability
Original Article: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
Refer: https://github.com/mazen160/struts-pwn
Script: struts-pwn-master.zip

$ python struts-pwn.py --check --url 'https://my.domain.com/checkme.action'

[*] URL: https://my.domain.com/checkme.action
[*] Status: Vulnerable!
[%] Done.

Imperva Security

We are using the Imperva Security Appliance at HAL.

Comprehensive Application and Data Security

Comprehensive Web, Database and File Security by Imperva SecureSphere is the market-leading solution for business security. SecureSphere provides comprehensive, integrated application security and data security to prevent data breaches, streamline regulatory compliance and establish a repeatable process for data risk management.

Powering the SecureSphere suite is a common platform that provides flexible deployment options, unified management, deep analytics and customizable reporting. The SecureSphere platform enables enterprise scalability and accelerates time to value.

Underscoring Imperva's commitment to business security, the Imperva Application Defense Center (ADC) is a world-class security research organization that maintains SecureSphere's cutting-edge protection against evolving threats.

Disable a Run/Share across network

You have connected to \\machine_name\C$ and now want to break the connection without rebooting the current host machine.

Show the link by using the following:
cmd>net use

Delete the link by using the following:
cmd>net use \\machine_name\C$ /del