- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Software Composition Analysis and Secrets Scanning - PenTest+ PT0-003
🎯 Free Hub: https://professorerica.com/pentestplus • 📝 Practice Test: https://professorerica.com/pentestplus-practice - Your application's attack surface includes every dependency it imports and every credential a developer accidentally committed to version control. This video covers Software Composition Analysis with OWASP Dependency-Check, Software Bill of Materials (SBOM), TruffleHog secrets scanning across git history and S3, and how the Equifax 2017 and Log4Shell 2021 breaches could have been caught earlier with SCA tooling. Includes exact command syntax for both tools. Watch the next video for IaC and container vulnerability scanning.
Chapters:
0:00 The Third-Party Problem: Your Code Is Not Your Only Attack Surface
3:05 Software Composition Analysis: Scanning What You Import
5:39 OWASP Dependency-Check in Practice
8:16 Secrets Scanning: Credentials in the Codebase
10:14 TruffleHog: Scanning Git History for Exposed Secrets
12:16 SCA and Secrets in the Pen Test Workflow
15:19 Quiz Time
#softwarecompositionanalysis #SCAsecurity #TruffleHogsecretsscanner #OWASPDependencyCheck #PenTestPT0003
---
Disclosure
The avatars and voices in this video are AI-generated. All content -- research, scripts, lesson design, and the custom video engine -- is created by a CISSP, CISM, and PMP certified professional with a Master's in Project Management, a B.S. in Information Technology, and a Doctorate in Business Administration in progress.
This channel exists to make learning accessible and straightforward.
CompTIA® and PenTest+® are registered trademarks of CompTIA, Inc. This channel is not affiliated with, endorsed by, or sponsored by CompTIA. All content is produced independently for educational purposes only. All penetration testing techniques shown are for authorized, legal use only — obtain written permission before testing any system you do not own. For official exam objectives, pricing, and policies visit comptia.org.
Видео Software Composition Analysis and Secrets Scanning - PenTest+ PT0-003 канала Professor Erica
Chapters:
0:00 The Third-Party Problem: Your Code Is Not Your Only Attack Surface
3:05 Software Composition Analysis: Scanning What You Import
5:39 OWASP Dependency-Check in Practice
8:16 Secrets Scanning: Credentials in the Codebase
10:14 TruffleHog: Scanning Git History for Exposed Secrets
12:16 SCA and Secrets in the Pen Test Workflow
15:19 Quiz Time
#softwarecompositionanalysis #SCAsecurity #TruffleHogsecretsscanner #OWASPDependencyCheck #PenTestPT0003
---
Disclosure
The avatars and voices in this video are AI-generated. All content -- research, scripts, lesson design, and the custom video engine -- is created by a CISSP, CISM, and PMP certified professional with a Master's in Project Management, a B.S. in Information Technology, and a Doctorate in Business Administration in progress.
This channel exists to make learning accessible and straightforward.
CompTIA® and PenTest+® are registered trademarks of CompTIA, Inc. This channel is not affiliated with, endorsed by, or sponsored by CompTIA. All content is produced independently for educational purposes only. All penetration testing techniques shown are for authorized, legal use only — obtain written permission before testing any system you do not own. For official exam objectives, pricing, and policies visit comptia.org.
Видео Software Composition Analysis and Secrets Scanning - PenTest+ PT0-003 канала Professor Erica
Комментарии отсутствуют
Информация о видео
27 апреля 2026 г. 4:06:58
00:19:23
Другие видео канала
Common TCP and UDP Ports, Protocols, and Their Purposes - A+ Core 1
VA Benefits Online: Navigating VA.gov, eBenefits, and My HealtheVet
VA Claim Sharks: they charge $20K for free services
Social Engineering Phishing SET Gophish and Evilginx - PenTest+ PT0-003
SSDI Expedited Reinstatement: Get Benefits Back Without Starting Over - Social Security
![CISSP - Identity Management Fundamentals [5.1]](https://i.ytimg.com/vi/OVFwhVjJf5w/default.jpg)
CISSP - Identity Management Fundamentals [5.1]
Windows Privilege Escalation Tokens, Services, and Misconfigurations - PenTest+ PT0-003
VA Benefits - Guard and Reserve: Title 10 vs Title 32 Explained
Routing Protocols Explained - OSPF, BGP, EIGRP, and RIP Compared - Network+ N10-009
CHAMPVA: 3 things to tell your provider before they bill
Dependent Benefits: Adding Spouse, Children, and Parents to Your VA Compensation
Cardiovascular VA Claims -- METs Ratings, Agent Orange Heart Disease, and Post-Surgical Benefits
Social Security Divorce in Community Property States: How the Math Changes
Your Boss Might Already Be Scoring You with AI — and the CFPB Just Started Enforcing
Wireless Security WPA2, WPA3, and Enterprise Authentication - Network+ N10-009
VA Benefit Summary Letter: Download in 60 Seconds and Save Money
Network Hardening - Default Credentials, SNMPv3, and Firmware - Network+ N10-009
Layer 3 Troubleshooting - Routing Loops, ACLs, and MTU Blackholes - Network+ N10-009
VA Benefits: The Clothing Allowance - Free Money Most Disabled Veterans Miss
VA Benefits for Native American Veterans: Tribal HUD-VASH, NADL, and IHS Coordination
VA Benefits: Diagnostic Codes Explained - How the VA Categorizes Your Disabilities
