DEV Community: hardword The latest articles on DEV Community by hardword (@hardword). https://dev.to/hardword https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F19276%2Fb036c070-9466-4a1a-8116-dc0a89651cb8.png DEV Community: hardword https://dev.to/hardword en Fun with GraphQL Introspection hardword Fri, 02 Oct 2020 01:23:18 +0000 https://dev.to/hardword/fun-with-graphql-introspection-2lbe https://dev.to/hardword/fun-with-graphql-introspection-2lbe <p>This post is a writeup of <strong>'funny-blogger'</strong> challenge from <a href="https://warmup1.cyberedu.ro/">Cyberedu Warm-up CTF #1</a></p> <p>Once you access the challenge web page, you can find a jQuery script to fetch blog posts.<br> </p> <div class="highlight"><pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">arr</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nx">URL</span><span class="p">.</span><span class="nx">match</span><span class="p">(</span><span class="sr">/article=</span><span class="se">([</span><span class="sr">0-9</span><span class="se">]</span><span class="sr">+</span><span class="se">)</span><span class="sr">/</span><span class="p">)</span> <span class="kd">var</span> <span class="nx">article</span> <span class="o">=</span> <span class="nx">arr</span><span class="p">[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if</span> <span class="p">(</span><span class="nx">article</span> <span class="o">&gt;=</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">article</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">request</span> <span class="o">=</span> <span class="nx">$</span><span class="p">.</span><span class="nx">ajax</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">dataType</span><span class="p">:</span> <span class="dl">"</span><span class="s2">json</span><span class="dl">"</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">/query</span><span class="dl">"</span><span class="p">,</span> <span class="na">contentType</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/x-www-form-urlencoded</span><span class="dl">"</span><span class="p">,</span> <span class="na">data</span><span class="p">:</span> <span class="dl">"</span><span class="s2">query=eyJxdWVyeSI6IntcbiAgICAgICAgICAgICAgICBhbGxQb3N0c3tcbiAgICAgICAgICAgICAgICAgICAgZWRnZXN7XG4gICAgICAgICAgICAgICAgICAgIG5vZGV7XG4gICAgICAgICAgICAgICAgICAgICAgICB0aXRsZVxuICAgICAgICAgICAgICAgICAgICBib2R5XG4gICAgICAgICAgICAgICAgICAgIH1cbiAgICAgICAgICAgICAgICAgICAgfVxuICAgICAgICAgICAgICAgIH1cbiAgICAgICAgICAgICAgICB9XG4gICAgICAgICAgICAgICAgIn0=</span><span class="dl">"</span><span class="p">,</span> <span class="na">success</span><span class="p">:</span> <span class="kd">function</span><span class="p">(</span><span class="nx">response</span><span class="p">)</span> <span class="p">{</span> <span class="nb">document</span><span class="p">.</span><span class="nx">getElementById</span><span class="p">(</span><span class="dl">"</span><span class="s2">title</span><span class="dl">"</span><span class="p">).</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">allPosts</span><span class="p">.</span><span class="nx">edges</span><span class="p">[</span><span class="nx">article</span><span class="p">].</span><span class="nx">node</span><span class="p">.</span><span class="nx">title</span><span class="p">;</span> <span class="nb">document</span><span class="p">.</span><span class="nx">getElementById</span><span class="p">(</span><span class="dl">"</span><span class="s2">content</span><span class="dl">"</span><span class="p">).</span><span class="nx">innerHTML</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">allPosts</span><span class="p">.</span><span class="nx">edges</span><span class="p">[</span><span class="nx">article</span><span class="p">].</span><span class="nx">node</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="p">}</span> <span class="p">})</span> </code></pre></div> <p>When you decode the data part of POST request, and remove all unnecessary noises (whitespaces, newlines..), you'll get this query.</p> <p><code>{"query":"{allPosts{edges{node{title\nbody}}}}"}</code></p> <p>Further analysis of the HTTP traffic between the browser and the server shows that this request fetches all the blog post via <code>query</code> end point and then show only the post that the article parameter is pointing, like <code>/article=1</code>. #classicGraphQL</p> <p>And here is the <code>curl</code> request to get all posts (or <code>node</code>s).<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s1">'http://x.x.x.x:31325/query'</span> <span class="nt">--data-raw</span> <span class="s1">'query=eyJxdWVyeSI6InthbGxQb3N0c3tlZGdlc3tub2Rle3RpdGxlXG5ib2R5fX19fSJ9'</span> | jq <span class="s1">'.data.allPosts.edges[0:2]'</span> <span class="o">[</span> <span class="o">{</span> <span class="s2">"node"</span>: <span class="o">{</span> <span class="s2">"title"</span>: <span class="s2">"Day #0 of happines!"</span>, <span class="s2">"body"</span>: <span class="s2">"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum."</span> <span class="o">}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"node"</span>: <span class="o">{</span> <span class="s2">"title"</span>: <span class="s2">"Day #1 of happines!"</span>, <span class="s2">"body"</span>: <span class="s2">"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum."</span> <span class="o">}</span> <span class="o">}</span> <span class="o">]</span> </code></pre></div> <p>There are 800 posts (<code>article=0</code> through <code>article=799</code>) with the same format for <code>title</code>s and the same contents for <code>body</code>s and there is obviously no sign of flag from a normal request.</p> <p>I jumped to check the <em>Introspection of GraphQL</em> query [1][2], because why not, with a hope of there being something in <code>node</code> object other than <code>title</code> and <code>body</code> which "hopefully" will give me the flag. And here are the steps that I took toward the flag.</p> <p>Step 1. Checking all <code>type</code>s from <code>__schema</code> gives a name to check <code>PostObject</code><br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="o">{</span><span class="s2">"query"</span>:<span class="s2">"{__schema{types{name}}}"</span><span class="o">}</span> <span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s1">'http://x.x.x.x:31325/query'</span> <span class="nt">--data-raw</span> <span class="s1">'query=eyJxdWVyeSI6IntfX3NjaGVtYXt0eXBlc3tuYW1lfX19In0='</span> <span class="o">{</span><span class="s2">"data"</span>:<span class="o">{</span><span class="s2">"__schema"</span>:<span class="o">{</span><span class="s2">"types"</span>:[<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"Query"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"Node"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"ID"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"PostObjectConnection"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"PageInfo"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"Boolean"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"String"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"PostObjectEdge"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"PostObject"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"Int"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"UserObject"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"UserObjectConnection"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"UserObjectEdge"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__Schema"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__Type"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__TypeKind"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__Field"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__InputValue"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__EnumValue"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__Directive"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"__DirectiveLocation"</span><span class="o">}]}}}</span> </code></pre></div> <p>Step 2. Checking all <code>fields</code>s from <code>PostObject</code> type gives a list of <code>filed</code> names.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="o">{</span><span class="s2">"query"</span>:<span class="s2">"{__type(name:</span><span class="se">\"</span><span class="s2">PostObject</span><span class="se">\"</span><span class="s2">){name</span><span class="se">\n</span><span class="s2">fields{name}}}"</span><span class="o">}</span> <span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s1">'http://x.x.x.x:31325/query'</span> <span class="nt">--data-raw</span> <span class="s1">'eyJxdWVyeSI6IntfX3R5cGUobmFtZTpcIlBvc3RPYmplY3RcIil7bmFtZVxuZmllbGRze25hbWV9fX0ifQ=='</span> <span class="o">{</span><span class="s2">"data"</span>:<span class="o">{</span><span class="s2">"__type"</span>:<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"PostObject"</span>,<span class="s2">"fields"</span>:[<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"id"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"title"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"body"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"authorId"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"author"</span><span class="o">}]}}}</span> </code></pre></div> <p>Step 3. <code>id</code> and <code>authorID</code> do not dive anything special as <code>title</code> and <code>body</code> did. But I found that <code>author</code> is another type, <code>UserObject</code>, which looks interesting, again because why not.</p> <p>Step 4. Checking all <code>fields</code>s from <code>UserObject</code> type gives an interesting field called <code>randomStr1ngtoInduc3P4in</code><br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="o">{</span><span class="s2">"query"</span>:<span class="s2">"{__type(name:</span><span class="se">\"</span><span class="s2">UserObject</span><span class="se">\"</span><span class="s2">){name</span><span class="se">\n</span><span class="s2">fields{name}}}"</span><span class="o">}</span> <span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s1">'http://x.x.x.x:31325/query'</span> <span class="nt">--data-raw</span> <span class="s1">'eyJxdWVyeSI6IntfX3R5cGUobmFtZTpcIlVzZXJPYmplY3RcIil7bmFtZVxuZmllbGRze25hbWV9fX0ifQ=='</span> <span class="o">{</span><span class="s2">"data"</span>:<span class="o">{</span><span class="s2">"__type"</span>:<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"UserObject"</span>,<span class="s2">"fields"</span>:[<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"id"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"name"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"email"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"randomStr1ngtoInduc3P4in"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"name"</span>:<span class="s2">"posts"</span><span class="o">}]}}}</span> </code></pre></div> <p>Step 5. <code>randomStr1ngtoInduc3P4in</code> gives strings of flag format but not quite a flag we want. And it looks like we need to find a right one out of 800.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="o">{</span><span class="s2">"query"</span>:<span class="s2">"{allPosts{edges{node{author{randomStr1ngtoInduc3P4in}}}}}"</span><span class="o">}</span> <span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s1">'http://x.x.x.x:31325/query'</span> <span class="nt">--data-raw</span> <span class="s1">'query=eyJxdWVyeSI6InthbGxQb3N0c3tlZGdlc3tub2Rle2F1dGhvcntyYW5kb21TdHIxbmd0b0luZHVjM1A0aW59fX19fSJ9'</span> | jq <span class="s1">'.data.allPosts.edges[0:2]'</span> <span class="o">[</span> <span class="o">{</span> <span class="s2">"node"</span>: <span class="o">{</span> <span class="s2">"author"</span>: <span class="o">{</span> <span class="s2">"randomStr1ngtoInduc3P4in"</span>: <span class="s2">"ECSC{Nope! Try harder! Nope! Try harder! Nope! Try harder! Nope! Try h}"</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"node"</span>: <span class="o">{</span> <span class="s2">"author"</span>: <span class="o">{</span> <span class="s2">"randomStr1ngtoInduc3P4in"</span>: <span class="s2">"ECSC{Nope! Try harder! Nope! Try harder! Nope! Try harder! Nope! Try h}"</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">]</span> </code></pre></div> <p>Step 6. Found the flag with <code>grep</code><br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s1">'http://x.x.x.x:31325/query'</span> <span class="nt">--data-raw</span> <span class="s1">'query=eyJxdWVyeSI6InthbGxQb3N0c3tlZGdlc3tub2Rle2F1dGhvcntyYW5kb21TdHIxbmd0b0luZHVjM1A0aW59fX19fSJ9'</span> | jq <span class="s1">'.data.allPosts.edges'</span> | <span class="nb">grep</span> <span class="nt">-E</span> <span class="nt">-o</span> <span class="s1">'ECSC{.*}'</span> | <span class="nb">grep</span> <span class="nt">-v</span> <span class="s1">'harder'</span> ECSC<span class="o">{</span>b8e9be2eb35748a0aa...<span class="o">}</span> </code></pre></div> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/NPDp7GHmMa0"> </iframe> </p> <p>[1] <a href="https://graphql.org/learn/introspection/">https://graphql.org/learn/introspection/</a><br> [2] <a href="https://lab.wallarm.com/why-and-how-to-disable-introspection-query-for-graphql-apis/">https://lab.wallarm.com/why-and-how-to-disable-introspection-query-for-graphql-apis/</a></p> ctf graphql introspection 2articles1week DockerCon 2017 recap hardword Fri, 19 May 2017 02:39:26 +0000 https://dev.to/hardword/dockercon-2017-recap https://dev.to/hardword/dockercon-2017-recap <p><strong>General</strong><br> Docker Online Meetup: DockerCon 2017 Highlights Recap!<br> <a href="https://www.youtube.com/watch?v=M2aL6IkcgPc"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--FOYMIvEh--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/M2aL6IkcgPc/0.jpg" alt="https://youtu.be/M2aL6IkcgPc"></a></p> <p>Container Performance Analysis<br> <a href="https://www.youtube.com/watch?v=bK9A5ODIgac"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xr7KottW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/bK9A5ODIgac/0.jpg" alt="https://youtu.be/bK9A5ODIgac"></a></p> <p>Troubleshooting Tips from a Docker Support Engineer<br> <a href="https://www.youtube.com/watch?v=DK1ew1HpmeY"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ReaKf2Vn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/DK1ew1HpmeY/0.jpg" alt="https://youtu.be/DK1ew1HpmeY"></a></p> <p>Tricks of the Captains<br> <a href="https://www.youtube.com/watch?v=stes90QH754"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eAx8y2MQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/stes90QH754/0.jpg" alt="https://youtu.be/stes90QH754"></a></p> <p>Unikernel Technologies<br> <a href="https://www.youtube.com/watch?v=24rvIB4_v4U"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fxEPGW4b--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/24rvIB4_v4U/0.jpg" alt="https://youtu.be/24rvIB4_v4U"></a></p> <p><strong>Non-Technical</strong><br> Learning to Take Care of Your SELF<br> <a href="https://www.youtube.com/watch?v=1qthPiP4jEM"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0xfdKjTt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/1qthPiP4jEM/0.jpg" alt="https://youtu.be/1qthPiP4jEM"></a></p> <p>Burnout<br> <a href="https://www.youtube.com/watch?v=fYkI40AhV7o"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5dJhmi_v--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/fYkI40AhV7o/0.jpg" alt="https://youtu.be/fYkI40AhV7o"></a></p> <p><strong>Network</strong></p> <p>Docker Networking: From Application-Plane to Data-Plane<br> <a href="https://www.youtube.com/watch?v=EAQ-vr0XcPc"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0m45N0MX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/EAQ-vr0XcPc/0.jpg" alt="https://youtu.be/EAQ-vr0XcPc"></a></p> <p>Deep Dive in Docker Overlay Networks<br> <a href="https://www.youtube.com/watch?v=b3XDl0YsVsg"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--94CDFj4s--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/b3XDl0YsVsg/0.jpg" alt="https://youtu.be/b3XDl0YsVsg"></a></p> <p><strong>Security</strong></p> <p>Cilium: Network and Application Security with BPF and XDP<br> <a href="https://www.youtube.com/watch?v=ilKlmTDdFgk"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--PnGD2Ea2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/ilKlmTDdFgk/0.jpg" alt="https://youtu.be/ilKlmTDdFgk"></a></p> <p>Secure Substrate: Least Privilege Container Deployment<br> <a href="https://www.youtube.com/watch?v=iHQCVFMBdCA"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iY_qh34---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/iHQCVFMBdCA/0.jpg" alt="https://youtu.be/iHQCVFMBdCA"></a></p> <p>Introducing Linux Kit<br> <a href="https://www.youtube.com/watch?v=FEtVxwsCUBY"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--j4maOxKH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/FEtVxwsCUBY/0.jpg" alt="https://youtu.be/FEtVxwsCUBY"></a></p> <p>Building a Secure Docker Application<br> <a href="https://www.youtube.com/watch?v=tjxkxVI_PVU"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--e6uXH1sL--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/tjxkxVI_PVU/0.jpg" alt="https://youtu.be/tjxkxVI_PVU"></a></p> <p>What Have Namespaces Done for You Lately?<br> <a href="https://www.youtube.com/watch?v=MHv6cWjvQjM"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--zlrB5XYp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/MHv6cWjvQjM/0.jpg" alt="https://youtu.be/MHv6cWjvQjM"></a></p> <p>Securing Containers, One Patch At A Time<br> <a href="https://www.youtube.com/watch?v=jZSs1RHwcqo"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--QSCbY_o7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/jZSs1RHwcqo/0.jpg" alt="https://youtu.be/jZSs1RHwcqo"></a></p> <p>Scaling App Defense for Container Environments<br> <a href="https://www.youtube.com/watch?v=mOXBJLFM65s"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--4cgfUoct--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/mOXBJLFM65s/0.jpg" alt="https://youtu.be/mOXBJLFM65s"></a></p> <p>Docker Enterprise Edition: Building a Secure Supply Chain for the Enterprise<br> <a href="https://www.youtube.com/watch?v=snsO_KoVlIU"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--mWbQlgfn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/snsO_KoVlIU/0.jpg" alt="https://youtu.be/snsO_KoVlIU"></a></p> <p>Securing the Software Supply Chain with TUF and Docker<br> <a href="https://www.youtube.com/watch?v=SNge7-t4JRE"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2MWAnA8C--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://img.youtube.com/vi/SNge7-t4JRE/0.jpg" alt="https://youtu.be/SNge7-t4JRE"></a></p> <p><strong>Worth Reading</strong></p> <p><a href="https://blog.docker.com/2017/04/dockercon-2017-day-1-highlights/">https://blog.docker.com/2017/04/dockercon-2017-day-1-highlights/</a><br> <a href="https://blog.docker.com/2017/04/dockercon-2017-day-2-highlights/">https://blog.docker.com/2017/04/dockercon-2017-day-2-highlights/</a><br> <a href="https://blog.docker.com/2017/05/dockercon-2017-online-meetup-recap/">https://blog.docker.com/2017/05/dockercon-2017-online-meetup-recap/</a></p> docker dockercon security Hi, I'm hardword hardword Fri, 19 May 2017 02:27:08 +0000 https://dev.to/hardword/hi-im-hardword https://dev.to/hardword/hi-im-hardword <p>I have been coding for 0.5 years.</p> <p>You can find me on GitHub as <a href="https://github.com/hardword" rel="noopener noreferrer">hardword</a></p> <p>I live in Bay.</p> <p>I work for $$</p> <p>I mostly program in these languages: bash, python.</p> <p>I am currently learning more about exploitation.</p> <p>Nice to meet you.</p> introduction