Exposing the GIT

Let’s start with defining the meaning of GIT.

GIT is an open-source system that we use as a tool to store data and information in order to manage versions of a piece of software during both the development and post-development stages.

GIT basically takes a picture of what all your files look like at that moment and stores a reference to that snapshot. It saves those files, whatever their file extensions, as a group of snapshots that are the “copies” of those files, which makes it very efficient.

GIT assists developers in managing code and coordinating with other team members, and helps us track new changes in the software files.

GIT creates solidarity, and through this solidarity, the progress of work is much faster and more efficient.

And most importantly, since GIT is a version control system, each of its repositories is considered a database in itself, with full documentation and version change tracking, regardless of network access or a central server. That means every small detail does not exist on just one or two workstations; it exists on all workstations simultaneously.

The GIT system was created in 2005 and is, as of now, considered the most popular version control system. You can use the software on websites like the famous GitHub or GitLab.

If you’re interested in more, you can watch the creator of GIT, Linus Torvalds, present it right here.

All in all, you only get benefits and everything sounds great, right? Wrong.
Let’s talk about leaving your GIT “exposed”:
If you leave the .git folder accessible to the public, it gives everyone on the internet access to your source code, including those mask-wearing hackers who would just love to get their hands on your very precious “cargo”. Also, if you accidentally deploy your .git folder along with the web application you just spent months or even years creating (remember: devs are considered to be “human beings”), an attacker could easily use it for their own good by downloading the entire source code and any other sensitive data the folder might contain (exploitation of the vulnerability).
The attacker will probably use tools like “GitDownloader” to download your folder or, if the files are encrypted, simply decode them using tools such as git-dumper (seriously, that’s the name).
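
A defensive check for the accidental-deployment case described above, added here as an example (it is not Cytrix's code): it walks a directory that is about to be published and reports any Git metadata found in it. The function names and the sample web root are assumptions made for illustration.

```python
import os
import re
import sys

# .git/HEAD holds either a symbolic ref or a raw commit id (SHA-1 or SHA-256 hex).
HEAD_RE = re.compile(r"(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})")


def looks_like_git_head(text):
    """True if text has the shape of a .git/HEAD file."""
    return HEAD_RE.fullmatch(text.strip()) is not None


def find_git_metadata(deploy_root):
    """Return sorted (relative_path, kind) pairs for Git metadata under deploy_root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(deploy_root):
        if ".git" in dirnames:
            git_dir = os.path.join(dirpath, ".git")
            kind = "directory named .git"
            head = os.path.join(git_dir, "HEAD")
            if os.path.isfile(head):
                with open(head, encoding="utf-8", errors="replace") as fh:
                    if looks_like_git_head(fh.read(256)):
                        kind = "repository"
            hits.append((os.path.relpath(git_dir, deploy_root), kind))
            dirnames.remove(".git")  # no need to walk the object store
        if ".git" in filenames:
            # Submodules and linked worktrees use a .git *file* ("gitdir: ...").
            path = os.path.join(dirpath, ".git")
            hits.append((os.path.relpath(path, deploy_root), "gitfile"))
    return sorted(hits)


def make_sample_webroot(root):
    """Constructed sample: a web root that was copied together with its repository."""
    os.makedirs(os.path.join(root, ".git", "objects"))
    os.makedirs(os.path.join(root, "vendor", "lib"))
    with open(os.path.join(root, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/main\n")
    with open(os.path.join(root, "vendor", "lib", ".git"), "w") as fh:
        fh.write("gitdir: ../../.git/modules/lib\n")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>hello</h1>\n")


if __name__ == "__main__":
    found = find_git_metadata(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, kind in found:
        print(f"{rel}: {kind} would be published")
    sys.exit(1 if found else 0)
```

Run it as a pipeline step against the build output; a non-zero exit code stops the deploy before the folder ever reaches the web server.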

So kids, it’s a terrible world out there, isn’t it?
The ultimate way to prevent these attacks from taking place is, as always, to turn to the pros.
At Cytrix, we will “brute-force”, “pen-test” (and other cool, explosive expressions) to make sure no tired developer’s mistake goes unnoticed. Stay safe, choose Cytrix.
