Sadly, people aren't stupid enough to add user generated content as HTML instead of a span or smth😔
@klh_io4 hours ago
But, looking at the linked video title, AI is :)
@OOB-014 hours ago
I never found this vulnerability in real life 😂😂😂
@shiv_7989 a day ago
what are your vs code color settings
@DexFlex_YT-16 hours ago
same question, looks beautiful
@Krewer693 days ago
Still learning programming but I hope one day I'll be able to understand this better lol
@clarkio 2 days ago
Hey that's cool to hear you're learning programming. I'm sure you'll get there and I'm here if you have questions so don't hesitate to share them. Or if you'd like you could join our Discord community to learn more about security and programming: discord.com/invite/NXuz63GmUt
@pietraderdetective8953 3 days ago
Great video but I dislike the code editor color theme. Still cool content!
@clarkio 3 days ago
Hey glad to hear you enjoyed the video and totally understand about the color theme. What's a color theme you really enjoy using? I can try it out in a future video.
@pietraderdetective8953 3 days ago
@@clarkio nahh it's okay, I was bothered by some of the text color that's really hard to read in purple.. but if you really like purple, I saw an Evangelion theme but it was for neovim. I use the "Bamboo" color theme on my neovim. It's nature / forest based theme.
@fourone12543 days ago
@@clarkio I actually really like it, but the theme is going to be a bit hard for some people to read
@clarkio 3 days ago
@@pietraderdetective8953 I kinda like purple but mostly going for consistency with the branding in these videos. I'm assuming you mean this Bamboo color theme? github.com/ribru17/bamboo.nvim That looks kinda similar to the default theme in VS Code. I did find a more green theme called Dark Green Jungle I'm kinda liking: github.com/AaBbdev29/Dark-Green-Jungle
@JaniDinner4 days ago
actually enjoyed this video
@clarkio 4 days ago
Thanks! Glad to hear that
@FreshForALifetime4 days ago
What theme are you using for pycharm? Cool vid!
@clarkio 4 days ago
I'm using Visual Studio Code (VS Code) and the theme is called Deep Purple: marketplace.visualstudio.com/items?itemName=mel-brown.deep-purple
@Tim_We4 days ago
Very Interesting video! Thanks, I’ve learned a lot.
@clarkio 4 days ago
Awesome to hear and thanks for sharing
@kloudweb84274 days ago
Do you have prompts for getting information
@afitnerd5 days ago
How about "prompt kiddie"?
@clarkio 4 days ago
Nice I like that one
@dupex694208 days ago
love this series!!!
@clarkio 4 days ago
Very glad to hear that!
@MeBadDev_11 days ago
Great content! I've looked into your channel and looks like all of your videos are well made. It's such a shame that they got so few views. Keep it up man!
@clarkio 4 days ago
This comment made my day! Thanks so much for sharing. We'll definitely be keeping this up. Appreciate the encouragement👍
@sitdowndusty20 days ago
Work smarter not harder
@clarkio 17 days ago
100%
@deedee453120 days ago
The promise of putting HR staff out of a job. Jesus Christ I've had some issues with them shemumpets
@Frank00000 24 days ago
How to fix security vulnerability: Download another 150kb+ package that increases the attack vector, while implementing very basic CSP.... Nah, I'm good.
@clarkio 17 days ago
I can understand not wanting to download yet another package. So yea if you want to roll out your own mitigation code to prevent CSRF attacks that works too. However, did you mean CSRF instead of CSP?
@Frank00000 16 days ago
CSRF is only one area of content security. If you are worried about CSRF on a note taking app, then you might as well check for other browser side channel attacks. Can't wait to see this 'AI' figure out how to implement XSS vulnerabilities next.
@RellMayers24 days ago
So now you only have vulnerabilities made by sneak?
@clarkio 17 days ago
Can you elaborate on what you mean?
@Frank00000 16 days ago
@@clarkio "This npm module is currently deprecated due to the large influx of security vulnerability reports received, most of which are simply exploiting the underlying limitations of CSRF itself." 😂
@NahamSec26 days ago
Thanks for having me!
@Snyksec25 days ago
Our pleasure!
@mathiasconradt-snyk4 days ago
Great episode! Legend!
@kloudweb84274 days ago
Do you have a course bundle for AI Pentesting
@andrewdobosh215328 days ago
Ok
@darkdoomscizor561929 days ago
Ok
@sethdhanson a month ago
Yeah I’m out at step one. No idea what he did there.
@clarkio a month ago
Sorry to hear that. To make sure I understand what you mean by step one are you referring to the Getting set up section at 00:27? And in particular is it the npx part? Let me know as I'm happy to help you get past where you're stuck.
@AnimezillA007 a month ago
You didn't say how to get to the terminal
@clarkio a month ago
There are some assumptions going into this video for the viewer but happy to help further beyond that. You can open the terminal in a few ways but the quickest is by keyboard shortcut in VS Code: CTRL + ` (on Windows/Linux) or CMD + ` (on macOS). Hope that helps and let me know if you have more questions.
@TabnineAI a month ago
Brian, thank you for featuring us in your video. We are huge fans of Snyk. You are exactly right, AI can get you pretty far but it's still up to developers to verify code and use tools such as Snyk to assist. Each model is going to have different strengths and Tabnine will get better the more you use it thanks to local workspace context. To answer your question, the model switching only affects which LLM is used for the chat. Please don't hesitate to reach out if you have any questions or feedback.
@clarkio a month ago
Thanks for checking out the video and glad to hear you are fans of Snyk! Thanks for helping by answering the question too. Will definitely keep you all in mind and reach out with questions or feedback 👍
@SharkyTheGamerr a month ago
epic
@AnEntityBrowsingYT a month ago
People shouldn't use AI to generate code. People are no longer learning how code works
@ferociousfeind8538 a month ago
Code generated by AI is necessarily median-quality code, and think about the quality of code you find out there on the internet. And 100%, if you use AI to generate code and it doesn't work, you're worse off than if you had written it yourself and it doesn't work, because you lack the complex intimate understanding of how you tried to solve the problem. And if it does work, you're worse off than if you had written it yourself, because you still lack the understanding of the problem and how the code solves it.
@smcmayi162 a month ago
to me seems like an abrupt ending
@Barkerbg001 a month ago
Thanks for the help, this video helped me create the "Ruby Sea" Theme that I uploaded to the store.
@clarkio a month ago
Glad to hear that and congrats on creating your theme!
@bazgo-od7yj a month ago
i doubt it'd make me vulnerable, i have a deep fear of intimacy
@clarkio a month ago
🤣
@TheStickofWar a month ago
Look into my eyes and tell me you don't like my code snippets
@matthew1kalasky351 a month ago
Don't you hate it when your programs laugh at you?
@clarkio a month ago
Yes 100% 😅
@MatthewJamesKalasky a month ago
Sounds pretty important. Keep up the good work with your code.
@ferociousfeind8538 a month ago
These coding assistant AIs are trained on aggregate data- they're looking at average, mediocre code, and giving back to you average, mediocre code (or worse). In short bursts, sure I can get that. It's the predictive text your phone has but on steroids, that could be useful for a few lines at a time, but asking chatGPT for a stretch of code will end up giving you bad code that you didn't even write, so you have to understand it before you can even debug it!
@BaldBeardedBuilder2 months ago
"it does so without judgement." <- That's probably for the best. I don't need no AI judging me. 🤣 Great video!
@oprio1232 months ago
Great ad, might check it out.
@ramsey21552 months ago
You are not supposed to use copilot or any other ai tools to write uncontrolled new code for you. They are only supposed to ease the repetitive tasks and speed up typing. You can of course use them to implement simple functions or types, but you should review the output at least. Also if you are really into copilot writing the whole thing for you (which I don't recommend) then use the chat option, it generally gives better outputs.
@clarkio a month ago
Thanks for this great comment. I tried out the chat option and it was better! It still provided vulnerable code sometimes but felt like an improvement to the comment approach. Here's the video on it too: kzbin.info/www/bejne/e3rHpH2pgKaerK8feature=shared
@GabrielLogan172 months ago
It would be incredible if you also showed TypeScript, Rollup, Webpack. By the way, the video is excellent, thanks.
@rajeshm67032 months ago
Excellent overview
@anbarasuramachandran22352 months ago
Great help. Thanks.
@LawTzuTao2 months ago
Exactly the video I was looking for. Production quality is great as well. Thank you for the content.
@حذيفةأحمد2 months ago
In 2024 these techniques are no longer used, as the MDN site attests. Why would we fill the site with large polyfill files that will slow the site down for the sake of a tiny minority? Yes, a few custom polyfills can be used for special cases. I think very few users use IE and old browsers.
@antishokk80582 months ago
my dumbass thought this video was about mail until he pulled up github
@clarkio a month ago
😅😅
@justefrain52412 months ago
Thanks 😊
@pranavgoel292 months ago
Nice touch on the mic foam, hehe
@clarkio 2 months ago
Thanks Pranav 🙂👍
@TanzimKabir-t9k2 months ago
What if I add an env var in Repository settings, but instead of Secrets, I set it as an Environment variable. How would I access that?