
🎬Doggy dog

Featured in: EP 221 - Today's Stream

Subtitles

0:00:08
do
0:00:12
[Music]
0:00:26
what is going on guys welcome back to a
0:00:29
fresh session of
0:00:32
raw coders
0:00:34
no buildbreaking fix by raw code as i
0:00:36
messed it up yeah that's my fault
0:00:40
i guess that's what makes the show
0:00:43
original right
0:00:45
exactly
0:00:47
fantastic yeah so um
0:00:50
great to have you again
0:00:52
finish as always
0:00:54
how are we feeling
0:00:56
yeah good man um
0:00:59
yeah thanks for having me again um i was
0:01:01
gonna say that
0:01:02
yeah your intro is also
0:01:04
a bill breaking fix
0:01:06
sort of um
0:01:10
absolutely
0:01:12
fantastic yeah
0:01:14
all right
0:01:16
first things first let's um do the
0:01:19
acknowledgement of the country and pay
0:01:22
our respect to the past present and
0:01:24
future so here we go
0:01:27
i begin today by acknowledging the
0:01:29
traditional custodians of the land on
0:01:32
which we gather today and pay my
0:01:34
respects to the elders past present and
0:01:36
future i extend their respect to
0:01:39
aboriginal and torres strait islander
0:01:41
people here today
0:01:45
cool that is smoothly done
0:01:47
right
0:01:48
uh
0:01:49
hey gag there
0:01:51
um
0:01:52
how's it going
0:01:55
uh yeah so
0:01:58
um i know that i wasn't able to make it
0:02:01
on i believe it was friday
0:02:05
and
0:02:06
yeah so what did you guys get up to do
0:02:09
you want to give a bit of a context and
0:02:11
then we can carry on from there
0:02:13
yeah sure thing um i don't know if
0:02:15
you're gonna like this or not but we
0:02:18
basically we investigated the
0:02:21
how geckdev executed the
0:02:24
the
0:02:25
um
0:02:27
yeah does the
0:02:29
what's it called xss
0:02:31
execution
0:02:33
um
0:02:35
and yeah
0:02:36
what we found was um actually tori found
0:02:39
it is basically
0:02:41
um
0:02:44
basically um
0:02:49
it he could
0:02:51
uh run it through like the console using
0:02:53
the websocket connection uh function
0:02:57
um
0:02:58
so it's actually really cool like i
0:02:59
thought that was really fascinating how
0:03:01
we did that um
0:03:03
yeah just running javascript through the
0:03:05
function and then it uh executes on the
0:03:08
on
0:03:08
scrambler so we definitely i think
0:03:10
that's something we need to
0:03:12
um
0:03:14
add in the backlog anyways to
0:03:16
you know ensure that other people can't
0:03:18
do the same
0:03:20
but yeah it's interesting i thought
0:03:22
so we just looked into that which was
0:03:24
fun and interesting
0:03:34
are you jealous now huh that finishes
0:03:39
a little bit a lot better in
0:03:41
the short amount of time eh
0:03:44
it was story man it was it was solitary
0:03:48
no as in um yeah it's
0:03:50
team
0:03:51
team workbot i'm just teasing jack david
0:04:02
yes i think that was a really good
0:04:05
finding and yeah we would probably have
0:04:07
to pull m effects against that so is
0:04:11
that in
0:04:12
jira or
0:04:14
does that still has to be in jira
0:04:16
yeah it's the last about it
0:04:19
okay cool
0:04:20
not a problem so today what we're gonna
0:04:24
be continuing
0:04:26
would be for
0:04:30
um
0:04:31
[Music]
0:04:34
the xss
0:04:35
xss attack then basically
0:04:38
because i wanted to do
0:04:40
the um
0:04:42
the the websockets
0:04:46
thing
0:04:47
no what was it
0:04:51
what was the part there
0:04:52
me and torible working on
0:04:57
i can't remember now oh you guys were
0:05:00
working websockets as well i think
0:05:02
that's what tori told me
0:05:04
he said um
0:05:08
you guys were testing a function
0:05:13
um
0:05:16
a heartbeat happy holiday okay yeah
0:05:20
sorry just
0:05:21
mention a heartbeat
0:05:23
yeah so i guess we would
0:05:25
um uh i didn't get time to test the
0:05:29
hobby even though i said it as in last
0:05:33
week um
0:05:35
i would
0:05:36
probably
0:05:39
deploy
0:05:41
deploy the changes
0:05:43
okay cool so
0:05:45
um we
0:05:47
i don't really know where will we
0:05:51
in the heartbeat stuff
0:05:53
um
0:05:54
[Music]
0:06:00
so if story's saying that deploy it
0:06:04
deploy the changes
0:06:06
then that would mean that we've already
0:06:09
done the work but we just have to check
0:06:12
whether that works or not
0:06:15
but yeah
0:06:16
if we want to test it then everything
0:06:18
would come online
0:06:21
and
0:06:23
someone that i know
0:06:27
might play around again
0:06:30
um
0:06:31
yes i'm just thinking if we should do
0:06:34
that
0:06:35
what do you think finesse
0:06:37
i think um yeah we could actually might
0:06:40
already be online but um because uh tori
0:06:43
and i were testing it the other day but
0:06:46
um okay um
0:06:48
yeah we could we could just still test
0:06:50
it and then you know take it down after
0:06:52
maybe
0:06:57
uh yeah it
0:06:59
seems to be still online
0:07:03
uh
0:07:04
now i'm just gonna wait for something
0:07:06
really
0:07:07
funny to happen and
0:07:09
then
0:07:14
see who the genius is because i have an
0:07:18
app now installed in the browser to see
0:07:21
those con those kind of things
0:07:23
really
0:07:24
yeah what what does it do
0:07:27
huh what does it do the app
0:07:33
you'll see when i um i i
0:07:38
tell you
0:07:39
okay okay don't worry
0:07:44
sounds cool
0:07:47
yeah yeah
0:07:50
um
0:07:51
so
0:07:52
yeah
0:07:53
that was ej it was kind of a really cool
0:07:56
app how i how i got and got to know it
0:08:00
and then
0:08:02
i need that i need that in the stream
0:08:05
and see what's going on
0:08:11
so yeah
0:08:12
that'll be good um yeah so because it's
0:08:16
already there
0:08:20
i'm thinking how about if we test the
0:08:23
websocket
0:08:24
connection
0:08:26
anyway
0:08:29
yeah
0:08:31
so
0:08:32
i think at the moment the home page is
0:08:35
index.html but we need to convert that
0:08:37
to home.html
0:08:39
for s3
0:08:41
oh boy
0:08:43
so if you see if you
0:08:44
go into scrambler.dev
0:08:46
[Music]
0:08:48
it shows
0:08:49
index.html straight away
0:08:54
for yeah it goes to the board page right
0:08:56
the or enter enter name your board
0:08:59
no it goes to the index to his html
0:09:05
that's it let me check
0:09:07
yeah because i'll just type in scrambler
0:09:10
rowcoder.dev and it took me to index
0:09:14
oh okay want to play the music
0:09:18
i mean yeah that's an easy fix right
0:09:20
yeah yeah
0:09:23
so financially would be your turn pick
0:09:26
anything except
0:09:29
ah or anywhere near oh
0:09:32
yeah i know because we're here
0:09:34
many
0:09:35
yeah
0:09:36
um
0:09:39
three
0:09:40
two
0:09:41
one
0:09:42
go
0:09:43
okay hey
0:09:45
hey stick okay cool here we go
0:09:51
okay
0:09:52
i'm just hoping i don't
0:09:54
i don't fall asleep on this music now
0:09:58
all right um yeah so
0:10:02
i'll probably share share my screen
0:10:06
[Music]
0:10:16
please do something someone
0:10:18
i'm waiting the app is running
0:10:21
i honestly think this time it could be
0:10:23
it could even be tarry because we did it
0:10:26
the other day and
0:10:27
like oh all right i see i see he's
0:10:31
probably got it on the
0:10:33
back of his fingertips so ah
0:10:37
i say if something yeah that makes sense
0:10:39
though
0:10:40
could be tory too
0:10:43
sure
0:10:48
okay i'm just gonna
0:10:51
close some of the private things first
0:10:56
and then we can focus on
0:10:59
dancing
0:11:00
screen sharing
0:11:09
i'm just saying like it might be
0:11:16
uh
0:11:17
i missed the stream to be honest
0:11:23
oh he's on to your finish yeah
0:11:28
all right um
0:11:29
so i'll just do this and
0:11:32
let's come below and then i'll go to
0:11:36
hps
0:11:42
oh but actually the interesting thing is
0:11:44
and we also tried it um
0:11:47
uh
0:11:48
when we try to create the
0:11:50
board and
0:11:52
we use script um
0:11:56
uh we use like a script tag to create
0:11:58
the board and it actually
0:12:00
um i don't know what i don't know if
0:12:02
it's dynamodb or or javascript itself
0:12:05
it's kind of um
0:12:07
it just get rid of this script tag so
0:12:09
it's not a it doesn't actually create
0:12:11
the board
0:12:12
um which is pretty neat
0:12:13
it's like
0:12:14
i see measure that's already in place
0:12:17
okay
0:12:20
that's pretty good so we already um have
0:12:24
the built-in
0:12:25
validation for that
0:12:29
that's amazing
0:12:30
yeah
0:12:33
okay so i'm gonna do that
0:12:36
so in this one basically we're just
0:12:39
testing the websocket
0:12:42
as in how long does it take to get
0:12:44
disconnected
0:12:59
all right um so that's the properties
0:13:04
there's not that's not that one
0:13:06
permissions
0:13:08
bucket policy
0:13:10
where was that
0:13:13
um to set the index
0:13:16
index
0:13:18
scroll down on this one
0:13:21
am i sharing my screen
0:13:23
yes
0:13:25
let's scroll down to static uh site
0:13:28
hosting and then on here yeah
0:13:30
okay ah here we go
0:13:33
cool so
0:13:35
this would be
0:13:38
home
0:13:45
okay so now if we try and
0:13:49
physically should
0:13:51
give us
0:13:53
homepage here we go perfect
0:13:56
right cool so i'm gonna make a board say
0:14:01
actually first of all i'm gonna go and
0:14:04
delete all the boards
0:14:10
why did i
0:14:12
log out
0:14:22
and why am i going to s3 again
0:14:32
um
0:14:34
bored
0:14:35
that one
0:14:40
please tell me
0:14:42
it hasn't done well
0:14:45
how many pages are they
0:14:48
okay
0:14:51
just one which is good
0:14:53
so i can basically just delete all this
0:15:01
okay cool
0:15:03
so go ahead and place um
0:15:06
t1
0:15:09
one
0:15:10
two three four
0:15:16
okay cool so that is t1 which is great
0:15:21
i'll send you the
0:15:24
length of that
0:15:27
you know what was gonna happen
0:15:30
yeah no no
0:15:32
someone's gonna be a bad
0:15:34
boy
0:15:36
yeah
0:15:38
i'm waiting for it
0:15:50
okay so websocket is open
0:15:56
okay
0:15:57
sock is open which is
0:15:59
good so we just basically
0:16:02
um
0:16:03
wait until this gets
0:16:05
connected i'm gonna put my timer on as
0:16:08
well
0:16:10
[Music]
0:16:12
and in the mean
0:16:13
while we can keep on doing
0:16:15
other stuff
0:16:18
there there we go
0:16:20
there we go
0:16:25
i don't actually know if that's tori
0:16:27
okay dead now
0:16:30
i don't think his
0:16:33
story
0:16:37
i don't know man
0:16:39
[Music]
0:16:44
okay
0:16:46
you know what
0:16:52
let it happen it's fine
0:17:01
not redirected
0:17:04
all right i'm
0:17:06
taking this down
0:17:08
that's fine
0:17:11
they can have all the fault in one after
0:17:13
this
0:17:15
why did they direct this to this
0:17:17
because
0:17:19
they want to play
0:17:20
play with us and i know exactly who that
0:17:24
is but i'm not gonna
0:17:25
i'm not gonna name them
0:17:27
okay
0:17:28
yeah
0:17:31
okay
0:17:33
here we go guys be happy now
0:17:44
gekko says i thought you had a miracle
0:17:46
add-on to fix it zayn
0:17:49
i didn't say fix it i just said just to
0:17:53
check who that is
0:17:59
okay we need to do that um
0:18:06
just
0:18:07
uh if you take static hosting off uh
0:18:10
yeah that's what was what i was trying
0:18:13
to find but i wasn't able to
0:18:16
oh somebody
0:18:18
flipped the board
0:18:26
looked on my screen
0:18:31
um
0:18:33
okay so we can do this testing
0:18:38
off off to us we can just basically
0:18:41
focus on how to
0:18:43
uh fix the xss attack
0:18:47
when i actually check what is this
0:18:50
xss attack i didn't even
0:18:53
i never i don't even
0:18:55
know that's right scripting it's a
0:18:57
sulfate attack
0:19:00
our type of injection is uh in malicious
0:19:03
scripture injecting otherwise
0:19:07
until the troops and
0:19:08
[Music]
0:19:10
okay so
0:19:12
how would this be
0:19:14
and
0:19:15
and how you can fix it
0:19:18
there
0:19:18
is a
0:19:21
client-side coding injection attack
0:19:25
the attacker am strange human dishes
0:19:27
crystal in the web browser of the victim
0:19:30
by including malicious code uh okay cool
0:19:34
i see that is how it works
0:19:37
so you just probably
0:19:39
can abuse her
0:19:41
on a web page during qr between
0:19:44
javascript and using the security of
0:19:47
their vulnerabilities
0:19:49
and web application and it's
0:19:52
jesus has been compromised yep that i
0:19:55
agree
0:19:56
this is no use problem
0:19:58
like any other and exclusive
0:20:00
vulnerability it is affecting your users
0:20:03
it affects you
0:20:05
yep
0:20:06
what can the checkered i don't really
0:20:08
want to know what can they do because i
0:20:10
already know what they can do
0:20:13
how christmas and okay i don't really
0:20:16
want to know how it works
0:20:18
stealing cookies using uh
0:20:21
criminals often uses it to steal cookies
0:20:25
uh
0:20:26
script tags body tag javascript
0:20:30
how do we fix it
0:20:32
uh taurian said in the comments check
0:20:34
out
0:20:36
dom
0:20:37
purify
0:20:38
it the library will work with node
0:20:42
uh okay tom
0:20:45
your favorite
0:20:52
what does that do
0:20:56
said
0:20:57
dom purify is the dom only super fast
0:21:00
uber tolerant
0:21:03
xss sanitizer for html
0:21:06
mathml and svg
0:21:08
so so it's also
0:21:10
very simple to use and to get started
0:21:12
with
0:21:14
okay so we can basically do this
0:21:20
how do we you should use it
0:21:22
uh it's easy
0:21:24
to just include dom
0:21:26
purify on your
0:21:28
website using the minifile and
0:21:32
using the minified testing production
0:21:35
server
0:21:36
version so it's not beautiful
0:21:41
okay cool we're choosing this one then
0:21:47
collective says little fixing bugs in
0:21:49
the underlying scrambler code base
0:21:52
instead of just turfing the project and
0:21:53
becoming taxi drivers
0:21:58
[Music]
0:22:05
um
0:22:08
yeah it seems like this is a good
0:22:09
solution actually
0:22:14
using the minified development version
0:22:16
no we don't want to use these
0:22:18
during the minivar testing production
0:22:21
version
0:22:22
yep probably we can use this one the
0:22:27
testing
0:22:29
tested product production version
0:22:32
source map available
0:22:34
but if this is that where do we download
0:22:37
it from
0:22:41
oh you're gonna do the ball don't marry
0:22:43
five yeah
0:22:44
dom purify
0:22:49
oh
0:22:50
well
0:22:51
and that
0:22:52
would be basically done in
0:22:54
client side
0:22:57
uh
0:23:00
isn't it
0:23:03
because it's everything is happening on
0:23:05
the
0:23:06
client side
0:23:09
but they're actually um
0:23:11
they're accessing the function through
0:23:13
the
0:23:13
to the console i think
0:23:16
they're
0:23:17
which is in dawn
0:23:20
oh yeah yes yes
0:23:22
yes wait
0:23:26
isn't it
0:23:33
because saying that is written in
0:23:36
javascript and works in all modern
0:23:39
browsers if it
0:23:41
says that you worked in all modern
0:23:45
servers
0:23:46
then it would be backend
0:23:49
oh yeah yeah yeah
0:23:51
yeah that makes sense
0:23:57
[Music]
0:24:05
hospital to tabs is done
0:24:08
here branch will be on
0:24:14
um
0:24:16
connect prep talking no no
0:24:19
sticking out no
0:24:22
connect
0:24:24
websocket
0:24:26
now done that work function no
0:24:30
that's all done
0:24:34
actually
0:24:38
[Music]
0:24:43
ah yes
0:24:58
um
0:25:02
it says attacks
0:25:22
okay here we go
0:25:30
basically all we do is npm it's
0:25:38
very npm here
0:25:50
[Music]
0:25:55
remember saying though we
0:25:57
uh um
0:25:59
when we try to use the package uh
0:26:01
remember we were trying to do this for
0:26:03
bcrypt and we tried to use the package
0:26:05
in
0:26:06
in the file it wasn't
0:26:09
um
0:26:11
it wasn't working like it we couldn't
0:26:13
access it or something like
0:26:16
something along those lines
0:26:22
actually yes i'm remembering that
0:26:25
because it was
0:26:26
the npm package
0:26:29
it wasn't
0:26:30
picking it up
0:26:32
yes yeah
0:26:34
we couldn't use it and still front end
0:26:37
so how do we overcome that again that's
0:26:40
very good we
0:26:41
we changed the entire
0:26:44
logic to be put in back end
0:26:46
just for that
0:26:48
yeah yeah
0:26:50
oh yeah true
0:26:54
but this
0:26:55
shouldn't be the case because we can
0:26:57
include the script here
0:27:03
this the script file has to be here
0:27:05
somewhere for downloadable
0:27:08
oh okay
0:27:12
inside 34-bit style
0:27:18
oh
0:27:18
true yeah
0:27:20
from pm oh here we go we rely on npm
0:27:23
round square points grades go to them
0:27:25
yes
0:27:26
uh-huh
0:27:28
and team run length
0:27:30
developing and contribution no don't
0:27:32
need that
0:27:41
uh
0:27:42
can i configure
0:27:44
demos
0:27:46
[Music]
0:27:51
maybe
0:27:52
you can download the script from
0:27:55
from the github
0:27:59
is there a link to that
0:28:02
i'll save it in the chat but i should be
0:28:04
there
0:28:15
oh you sent in the chat
0:28:25
it's funny how it's a private chat and
0:28:28
we open it all while screen
0:28:42
sharing oh not again
0:28:46
ready guys
0:28:48
kind of fun
0:28:50
new thing is this you know me already
0:28:55
come
0:28:56
on
0:28:58
come on good time you can do better than
0:29:00
this
0:29:08
see
0:29:09
stop playing hard to get
0:29:13
all right so dom purify
0:29:16
scripts
0:29:20
what does it do
0:29:22
[Music]
0:29:25
okay just asking questions
0:29:27
it's in this
0:29:29
hang on a minute okay this purify
0:29:31
mind.js
0:29:33
says in this
0:29:36
purifying.js
0:29:38
we just need that
0:29:40
yep there we go
0:29:43
watch okay nevermind
0:29:46
that's it
0:29:51
oh
0:29:52
but yeah i guess it's minified so it's
0:29:55
like all in one line or something
0:30:00
so we basically just
0:30:02
make a new
0:30:04
file name as purified.json
0:30:09
copy and paste this
0:30:11
i guess so yeah yeah
0:30:13
let's try that and get them i'll
0:30:17
get back to you very shortly
0:30:22
uh
0:30:23
client
0:30:24
new file
0:30:27
fury file
0:30:30
main.js
0:30:33
boom
0:30:35
i just wrote an extension of npm
0:30:41
um
0:30:43
okay time to get back to
0:30:46
jack duff i don't want to leave him
0:30:48
hanging
0:30:52
all right what does mr cactus say
0:30:59
finish goldberg
0:31:06
i think you wanted me to ask you because
0:31:08
you were like on the screen so you can't
0:31:10
see this
0:31:11
right
0:31:12
what
0:31:14
he wanted me to ask you the question
0:31:17
because you normally can't see the
0:31:20
the comments right because you are
0:31:22
here
0:31:23
yeah yeah
0:31:24
yeah
0:31:28
so
0:31:29
why do you ask yet def
0:31:37
saying we can't see a screen by the way
0:31:39
oh my bad
0:31:46
uh
0:31:46
[Music]
0:31:54
stop ah
0:31:55
i stopped
0:31:56
sharing why i stopped
0:32:02
and to be honest what does that even
0:32:04
mean platinum
0:32:08
i don't know
0:32:10
what is that
0:32:11
kind of thing
0:32:12
platinum
0:32:20
i don't know um
0:32:25
did you want to try that so the
0:32:30
the localhost
0:32:33
uh
0:32:34
yeah but so after you you created that
0:32:37
file do you wanna
0:32:41
then import it
0:32:43
or use that script tag and then
0:32:45
try to use the function
0:32:47
yes so let's do that one
0:32:57
so how do we import it again
0:33:01
i forgot if you go on the github uh
0:33:09
and go back to the main page
0:33:14
like if you go
0:33:17
yeah
0:33:18
i have one more
0:33:20
and then like you scroll down
0:33:30
there you go so we need to do this
0:33:34
copy
0:33:36
and
0:33:38
uh
0:33:40
where's our index
0:33:42
oh actually saying like
0:33:45
since the file is already here
0:33:48
we've always changed the path name okay
0:33:52
yes yeah
0:34:04
so there you go
0:34:07
so then that should basically do the
0:34:09
trick isn't it we don't really need this
0:34:12
because since these are working
0:34:15
without the type that should be fine
0:34:28
okay so
0:34:30
shall we try this now
0:34:32
oh
0:34:37
afterwards you can sanitize string by
0:34:40
executing the following code
0:34:44
oh so we need to sanitize the websocket
0:34:48
string
0:34:50
yes yeah listen yeah yeah
0:34:52
that would make sense
0:34:54
so
0:34:56
what's dirty here the results in html
0:35:04
[Music]
0:35:07
the results in a is still
0:35:10
can be
0:35:12
beer
0:35:14
pretending to dominion using html
0:35:17
to find the right that is totally up
0:35:20
that's really up to you
0:35:23
by html
0:35:26
uh
0:35:27
right
0:35:29
so basically what we do is we have got
0:35:32
the
0:35:33
html thing there
0:35:36
so we basically do this now
0:35:40
right
0:35:43
so that would go into
0:35:46
into
0:35:49
maintain to entire entity
0:36:10
that is not the one we need this one so
0:36:13
websocket url
0:36:15
so we be basically okay so that's
0:36:19
gonna happen on a load
0:36:21
isn't it
0:36:23
um
0:36:24
which is here
0:36:29
on load so as soon as
0:36:31
index.html plus
0:36:33
opens
0:36:34
this
0:36:36
basically this your front-end
0:36:41
does
0:36:43
loads
0:36:45
this one
0:36:46
this function
0:36:48
and then
0:36:50
it goes in that way
0:36:58
um
0:37:01
wait um
0:37:03
where what's his name tori
0:37:05
uh was
0:37:07
the function tori was using to execute
0:37:09
it is um dispatch websocket message
0:37:12
on line 463
0:37:16
but yeah i'm not sure
0:37:20
i think maybe that's a good place to
0:37:21
start like um
0:37:23
gekko says that
0:37:25
four
0:37:26
four one
0:37:28
four sixty three
0:37:30
four
0:37:43
okay
0:37:46
so
0:37:47
if we when we're getting the dispatch
0:37:49
message
0:37:51
um
0:37:52
on the next line perhaps if we sanitize
0:37:54
it using the that function
0:37:57
and then
0:38:02
you know what i mean on like line four
0:38:04
seven one i think
0:38:09
if it's on if if it's equals board id if
0:38:13
it's undefined
0:38:15
then
0:38:18
from from there and then also sanitize
0:38:20
it
0:38:24
yeah
0:38:26
okay so
0:38:28
what are we
0:38:30
what is your end goal here
0:38:34
to sanitize the message
0:38:36
and then pass it to the websocket
0:38:40
um because this is like
0:38:42
yeah like i said um
0:38:46
yeah this is a function tori was using
0:38:48
the other day to execute it but just
0:38:50
what tori's saying in the chat now he's
0:38:52
saying that we should do it in the back
0:38:54
end and not the front end because
0:38:56
and i think that's a good point as well
0:38:58
like you know
0:38:59
his front end might take forever back in
0:39:02
if we sanitize the message then
0:39:05
um before it executes maybe that could
0:39:09
be easier
0:39:10
so we're still getting the
0:39:12
dirty html message in the front and then
0:39:14
cleaning it up in the back end
0:39:17
it's a good point um
0:39:23
yeah he says you want to sanitize it
0:39:25
when you're receiving the message
0:39:26
anyways not when you send it that's a
0:39:28
good point
0:39:33
yeah
0:39:34
i was thinking more along
0:39:37
when we received the
0:39:39
message by
0:39:41
isn't really
0:39:43
um
0:39:44
it's okay but we
0:39:46
need it more for
0:39:48
receiving you as in because
0:39:51
when someone does it we receive that
0:39:54
message
0:39:56
isn't it
0:39:59
sorry say that again
0:40:01
so we we probably need to
0:40:05
sanitize it when we receive the message
0:40:08
instead
0:40:10
because so
0:40:13
why would we
0:40:15
want to do it when receiving so say for
0:40:18
example you have a board and i know your
0:40:21
websocket
0:40:22
connection i've been the attacker
0:40:26
actually send it but you you're the one
0:40:29
who's gonna receive it
0:40:31
so if we do it on the receiving as in
0:40:34
set if you sanitize on your end which
0:40:39
would be receiving the message
0:40:42
that might make more sense
0:40:47
tori is saying that
0:40:49
the way we want to do it now might be
0:40:51
easy to get around
0:40:54
um
0:40:55
yeah if we were to
0:40:57
add this dom purify sanitize
0:41:01
um in the back end so the message is
0:41:04
being
0:41:04
you know what i'm saying right saying
0:41:06
like it would be center h like the html
0:41:09
that they're executing the script tags
0:41:13
um and then on the back end code before
0:41:17
we run before we execute on the back end
0:41:20
we clean it up first using the
0:41:22
purify
0:41:23
if you get whatever i think that's what
0:41:25
Torey means and yeah
0:41:27
can you possibly
0:41:29
repeat that because i
0:41:31
wasn't able to understand
0:41:35
so you know how we'll be using this um
0:41:39
DOMPurify in the front end now which
0:41:42
cleans up the
0:41:43
the the script tags
0:41:46
um
0:41:47
basically instead of
0:41:50
instead of um
0:41:52
instead of running it on the front end
0:41:55
sorry it's really convincing i shouldn't
0:41:57
do that anyways instead of
0:42:00
running this at the front end
0:42:02
um
0:42:03
do it on the back end side instead right
0:42:06
so
0:42:07
you know how now
0:42:09
if we add this here it's gonna clean it
0:42:11
clean the html in
0:42:14
uh on the front end and then send it as
0:42:16
clean to the
0:42:18
back end
0:42:19
so
0:42:20
instead of that send it as dirty to the
0:42:22
back end and then clean it up in the
0:42:24
back end instead
0:42:29
[Music]
0:42:32
but that would mean that
0:42:34
we will still experience
0:42:37
these kind of attacks in the front end
0:42:41
if we are doing this
0:42:42
sanitizing only in the back end
0:42:48
but essentially like
0:42:49
so for this websocket thing right it
0:42:51
takes
0:42:52
it requires both the front-end and
0:42:54
back-end
0:42:55
parts to work right
0:42:58
so
0:42:58
if it's clean on the back end then it
0:43:00
won't it still won't uh
0:43:03
it still won't execute isn't that right
0:43:06
so
0:43:10
if i'm not
0:43:11
mistaken websockets are just for the
0:43:14
front end
0:43:16
is it
0:43:20
or am
0:43:22
no no no no no that doesn't make sense
0:43:25
because if it was then we wouldn't be
0:43:28
getting connection ids in the db
0:43:34
yeah
0:43:34
yeah exactly yeah
0:43:37
so
0:43:38
what you guys are suggesting of all
0:43:42
my screen just
0:43:44
went black
0:43:45
um
0:43:46
so what you guys are suggesting that
0:43:49
when we receive the messages
0:43:51
as in
0:43:52
when we receive the XSS attack
0:43:55
we don't sanitize it in the front end
0:43:57
but when we are saving in the db only
0:44:00
then we um
0:44:03
sanitize it but that's also in the back
0:44:06
end
0:44:10
wait am i right
0:44:12
or have i gone go on the completely
0:44:15
wrong end off
0:44:17
before you before you save anything into
0:44:19
the db
0:44:20
right so
0:44:22
um
0:44:25
um
0:44:28
okay so how how will we stop them coming
0:44:32
from the brow
0:44:33
coming in the browser the browser is in
0:44:36
the front end
0:44:39
as in on the client side
0:44:45
sorry
0:44:46
um
0:44:50
okay this is just too funny but um
0:44:54
let me let me think about it real quick
0:45:00
but
0:45:05
so
0:45:06
when that
0:45:08
when they're doing
0:45:09
the um
0:45:11
just as i
0:45:14
remind you
0:45:15
yes trying not to pay that much
0:45:17
attention on jacob's and comments
0:45:20
because he loves just to spice things up
0:45:24
which is fantastic
0:45:26
and it's
0:45:27
fun but at the same time we need to keep
0:45:30
our as in rhythm
0:45:33
going to draw
0:45:35
it's uh it's breaking my thoughts as
0:45:37
well
0:45:42
so
0:45:45
okay
0:45:46
um
0:45:57
so right now when they execute it
0:46:00
let's have a look
0:46:16
i'm executing this
0:46:17
[Music]
0:46:21
send
0:46:23
loves
0:46:26
it's really good having this as yourself
0:46:28
an entertaining
0:46:30
spiciest person
0:46:32
on the
0:46:33
on
0:46:34
the show is it
0:46:36
well because it adds up a bit of a taste
0:46:40
of often entertaining fun
0:46:43
that's true
0:46:50
[Music]
0:46:59
[Laughter]
0:47:02
is definitely
0:47:04
getting a taste
0:47:10
again don't pay too much attention okay
0:47:18
he's too good um
0:47:22
so that's end
0:47:24
so
0:47:25
um
0:47:26
[Music]
0:47:27
let me just have a look
0:47:46
um
0:47:48
[Music]
0:47:51
i'm
0:47:52
probably finished talk to me about your
0:47:54
thought process
0:47:56
rather than seeing the code as in what
0:48:01
what thought came into your mind about
0:48:04
the
0:48:05
the process on how we should do it in
0:48:08
the back end
0:48:10
as in what
0:48:12
what thought provoked that it should be
0:48:14
better um being
0:48:16
in the back end
0:48:18
in the dom it
0:48:21
um
0:48:24
because yeah what
0:48:26
what Torey was saying and
0:48:28
yeah what Torey was saying
0:48:30
in terms of um
0:48:32
you know it could be easier to
0:48:35
to manipulate in the front end so if
0:48:37
it's
0:48:38
you know if they in my perception
0:48:40
anyways right
0:48:42
um they could probably exploit the
0:48:45
you know whatever process we're using in
0:48:47
terms of the dom purifier in the front
0:48:48
end
0:48:49
um
0:48:51
you know how would they exploit
0:48:55
that
0:48:56
if we have
0:48:57
measurements in the client's
0:49:00
side
0:49:01
how would they bypass
0:49:04
or exploit that
0:49:06
um
0:49:07
i was thinking maybe if they knew
0:49:09
the
0:49:10
[Music]
0:49:11
of how you know DOMPurify is
0:49:13
implemented then they could you know
0:49:16
kind of it's kind of mim it makes it
0:49:19
harder of course is
0:49:20
but
0:49:22
you know they can get around that
0:49:23
is what i was thinking but if DOMPurify
0:49:26
was in the back end then it would be
0:49:27
harder to get around it
0:49:28
because they're basically executing the
0:49:31
the front end as
0:49:34
the script
0:49:36
oh yeah they're basically executing the
0:49:38
functions in still front end and
0:49:39
script.js right
0:49:42
to do this to do this hack or this
0:49:45
attack so so you're basically
0:49:48
uh
0:49:49
saying that if we place it in the client
0:49:52
side they would go in there
0:49:55
DOMPurify
0:49:57
free posts see how they're working
0:50:00
figure it out
0:50:01
maybe it could take them days weeks
0:50:05
and then they will come back and
0:50:08
probably
0:50:12
pull a change in the original repo which
0:50:16
would make the DOMPurify not work in a
0:50:20
client side
0:50:22
which we have implemented which means
0:50:25
that they would easily be able to bypass
0:50:27
it
0:50:31
that much
0:50:33
yeah that's a very long process but i
0:50:35
you know i assumed that
0:50:38
they could potentially be a
0:50:41
you know a
0:50:42
more
0:50:43
straightforward way
0:50:44
of them getting around that
0:50:47
not like you know that whole long
0:50:49
process
0:50:51
um
0:50:52
yeah i think i need to think about it a
0:50:54
little bit more to be honest but
0:50:57
yeah so
0:50:59
yeah what i was thinking is if it was in
0:51:02
the
0:51:03
back end right it would the messages
0:51:06
would still be sent as that's how they
0:51:08
are being inputted right like how
0:51:10
you know they're still gonna use the
0:51:12
dispatch websocket function and
0:51:15
um
0:51:16
you know enter it you know
0:51:19
that enter the
0:51:21
you know the html is raw okay
0:51:24
um and
0:51:26
how would they be able to enter the html
0:51:29
as a raw if we're already preventing
0:51:31
them in the client side
0:51:33
yeah so yeah i'm saying if we don't
0:51:35
implement it in the client side they
0:51:36
would essentially enter it as raw
0:51:40
yeah
0:51:41
and then
0:51:43
using the dom purifier
0:51:45
we would
0:51:47
clean up the message in everywhere that
0:51:50
they could possibly
0:51:52
everywhere that's a request is being
0:51:54
made right so
0:51:55
in that way maybe there would also be
0:51:58
less um
0:51:59
okay
0:52:01
right i see where you're coming from
0:52:04
basically you want to um implement it in
0:52:08
the back end because
0:52:11
if it was implemented in the client side
0:52:13
then they can all easily go and then
0:52:16
get up free
0:52:18
figure out a really quick way to bypass
0:52:20
it and just
0:52:23
start attacking
0:52:25
again
0:52:26
am i right
0:52:32
yeah yeah essentially if they could uh
0:52:35
if they know i guess how it's
0:52:36
implemented or
0:52:38
even um
0:52:40
yeah if they know how it's implemented
0:52:42
yeah
0:52:43
um
0:52:44
yeah that could be done but
0:52:48
saying that if we have it implemented in
0:52:52
the back end only
0:52:55
then that doesn't necessarily fulfill
0:52:58
the goal because
0:53:00
see the attacks are in the browser and
0:53:04
if someone does attacks in the browser
0:53:07
they would hear all
0:53:10
sorts of
0:53:11
noises as in
0:53:16
he's a doggy dog i'm a little teapot as
0:53:19
in those kind of set things but it's in
0:53:21
the browser itself
0:53:23
okay
0:53:27
to me according to my understanding it
0:53:30
doesn't really make sense if you
0:53:33
wanna implement it in the back end
0:53:35
because
0:53:36
the attack is being in a client side why
0:53:39
because the browser is on the client
0:53:41
side
0:53:42
even if we implement it in the back end
0:53:45
then
0:53:48
what's
0:53:50
how will we stop
0:53:52
the browser attacks
0:53:58
but the thing is
0:54:00
okay so okay maybe okay maybe i need to
0:54:03
get a better understanding of the
0:54:06
um
0:54:08
of how it's connected but
0:54:10
isn't
0:54:12
isn't it still that
0:54:13
the code is being executed you know
0:54:16
by
0:54:17
via the back end anyways because for the
0:54:20
web connection to work right websocket
0:54:22
connections work
0:54:23
like it has to to go
0:54:25
um via the back end so
0:54:28
um in that sense that's
0:54:31
kind of what i'm saying right like i
0:54:32
understand what you're where you're
0:54:33
coming from
0:54:35
um
0:54:37
right
0:54:38
um if you can
0:54:40
so i've got a question
0:54:43
for you how is the
0:54:45
attack been being done at the moment
0:54:48
because you and
0:54:49
Torey went through as in in the whole
0:54:53
investigation and i'm assuming
0:54:57
you and
0:54:58
sorry know how is it being done in the
0:55:00
in the in the in the browser
0:55:07
yeah but i can just show you briefly um
0:55:10
oh
0:55:11
no um i don't really wanna um
0:55:14
no i just wanna know as in from your
0:55:17
observation as in how do you think the
0:55:21
concept is
0:55:22
working as in from your understanding
0:55:26
okay
0:55:27
um so basically the
0:55:30
the function the websocket function in
0:55:33
the front end right
0:55:35
um
0:55:38
um
0:55:40
the attackers are using that websocket
0:55:42
function um um
0:55:45
from where can they see the websocket
0:55:47
string then
0:55:50
where can they see the websocket string
0:55:52
because obviously they can see the
0:55:54
websockets
0:55:57
websockets string and then they are
0:55:59
utilizing that
0:56:01
that to access
0:56:03
the connection
0:56:05
they can see that
0:56:06
the websocket function they can see it
0:56:09
through the front end yeah
0:56:12
through the front end where
0:56:16
oh what do you mean like through the
0:56:18
console um yes and where's the console
0:56:24
yeah the console is in the front end
0:56:27
right
0:56:28
yeah
0:56:31
um
0:56:32
and
0:56:33
ignore them ignore them
0:56:40
okay
0:56:41
so basically right
0:56:43
but because
0:56:44
they're inputting it the function in the
0:56:47
front end right
0:56:48
so they're using the function from the
0:56:50
front end i understand that
0:56:53
but still the message has to go from the
0:56:56
front end to the back end right so
0:56:58
that's
0:56:59
that's kind of
0:57:00
i guess my thought process was that only
0:57:03
when this set and the
0:57:06
the notes are being saved only then
0:57:12
but the websocket connection
0:57:14
isn't it still open to
0:57:17
it it is open for everybody right yes
0:57:19
and it still has to go via the back end
0:57:21
isn't that correct like
0:57:26
so
0:57:26
websocket connection according to me how
0:57:29
it
0:57:30
according to my understanding how it
0:57:32
works is
0:57:34
as
0:57:35
soon as a person visits the board
0:57:39
and one other connection is opened
0:57:44
okay that connection is in the
0:57:49
front end
0:57:50
but the connection details are saved
0:57:53
only in the back um in the
0:57:56
dynamodb which goes through the back end
0:58:00
so just the connection details
0:58:06
just the connection details okay
0:58:09
for example connection
0:58:12
id
0:58:15
and
0:58:16
the board
0:58:17
id as well
0:58:18
yeah
0:58:20
okay
0:58:23
um
0:58:26
[Music]
0:58:35
how about
0:58:36
if you
0:58:37
think about it we can probably have
0:58:39
another
0:58:40
champ basically or of
0:58:43
offline and um yeah we can take it from
0:58:46
there
0:58:47
yeah yeah okay i need to think about it
0:58:51
yeah and
0:58:52
i mean c is a complicated as in
0:58:55
architecture as in from
0:59:00
as in our experience as in because i'm
0:59:04
pretty sure it's
0:59:05
your first time
0:59:06
my first time and told his first time to
0:59:10
actually know the entire
0:59:12
app based on the architecture itself and
0:59:16
it it can be
0:59:18
complicated so it's always good to kind
0:59:21
of take
0:59:22
time
0:59:23
think about things and then
0:59:27
and then come back to it
0:59:29
yeah yeah okay so all right fantastic
0:59:33
all right wow the time just flew past 10
0:59:36
feet free already
0:59:39
damn
0:59:43
right
0:59:44
you want to do the honors yes sure
0:59:49
cool
0:59:51
thanks for
0:59:52
joining us everyone
0:59:54
on another episode of Build, Break & Fix
0:59:57
today we try to
0:59:59
fix the
1:00:01
XSS
1:00:03
vulnerability you know uh and on our
1:00:05
platform
1:00:07
um
1:00:08
and basically Zain and i had a
1:00:10
discussion about where would be the best
1:00:12
uh
1:00:14
would be the best side to
1:00:17
best
1:00:18
um
1:00:19
option of where we would implement it
1:00:21
either front end or back end
1:00:23
and yeah i think for me personally i
1:00:25
want to
1:00:26
have a bit more of a look at the
1:00:29
and understand a bit more about how the
1:00:31
connection's being made and then
1:00:33
um yeah better understand it
1:00:35
but yeah anyways good discussions and i
1:00:37
think so anyways um and if you'd like to
1:00:40
see how this plays out then join us
1:00:43
tomorrow
1:00:44
same time same place and
1:00:47
the same task
1:00:50
all right guys
1:00:51
thanks for joining and yeah we'll see
1:00:54
you
1:00:54
tomorrow bye for now
Other clips featured in this episode