cookies, csrf, and xss

Transcript

1. 2014೥Ն ਫՌ෩ຯతcsrf the Book (ֲढ़ّ)

2. ࢼஶ༻ၷݸෆಉతாᥒࡏෆಉᖣ᧸ث҃ిᡵ্ొೖ

3. ࠶ಉ㑊ॴ༗cookie

4. ٙ!! 㠥Ұ୆ిᡵొೖྃɼෆधཁாີɺҰᒬత໊ࣈ!!!

5. ੋతɼେ෦෼త໢᜾༻cookieመ࡞ᒟݶɻ গྃҰᴍᴍతᒾ查ɺ ࢖༻ऀᱪᱛߋՂʂ ୠੋ...

6. ੥෰༻ https://speakerdeck.com/mrorz/selected- topics-on-website-security-at-102-2-ccsp

7. csrfͱ͸ ˒ሣ࢖༻ऀࣕݴɼҰ छෆೳစᴍత౦੢

8. መ࡞csrf ೺add_page.htmlతݪ࢝ᛰଘԼိɼመ࡞Ұݸ૬ ಉతෳ੡඼ɼهಘactionཁվ੒㘺ሣ࿏ኸ

9. csrf݁Ռ Djangoత႔ཧೳ㢨զ၇ᱛᨽग़csrfɼॴҎ੥هಘ ࠾༻csrf_token࿨૬᮫౟݅ɻ

10. xssͱ͸ ˒ ሣᆦਓࣕݴɼҰछೳዱ ҙ࠹ೖ໢ทత౦੢

11. መ࡞xss ࡏ䓟తadd_categoryதpo্Ṝcategoryࢼࢼ ʮ”></a><script>while (true) {alert("੥ᔧܥ౷؅ཧһ");}</script><a>ʯ

12. ༬ظత݁Ռ೗ࠨɼୠመࡍ্Django㢨զ၇၏ྃauto escape

13. -୆େࢿ㘤ܥCCSPॿڭ-MrOrz -੒େి௨ॴࢿ㘤҆શ-༶஛੕ -How to Tango with Django-David Maxwell ײँɺ౤Өยჩߟ