Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OWASP Top 10 Overview
Search
evandentremont
December 17, 2020
Programming
0
36
OWASP Top 10 Overview
evandentremont
December 17, 2020
Tweet
Share
More Decks by evandentremont
See All by evandentremont
1,2,3,4 I Declare Cyber War
evandentremont
2
960
Fixing Infosec
evandentremont
0
95
BTC: Currency or Commodity?
evandentremont
0
80
Immunizing IoT
evandentremont
0
67
Defeating Next Gen Firewalls
evandentremont
1
64
Next Gen Botnet C&C
evandentremont
0
70
SQLi Injection attacks & mitigation
evandentremont
0
82
Other Decks in Programming
See All in Programming
5分で理解する SOLID 原則 #phpcon_nagoya
shogogg
1
410
[JAWS DAYS 2025] 最近の DB の競合解決の仕組みが分かった気になってみた
maroon1st
0
160
GoとPHPのインターフェイスの違い
shimabox
2
220
読まないコードリーディング術
hisaju
0
110
責務と認知負荷を整える! 抽象レベルを意識した関心の分離
yahiru
8
1.5k
データベースのオペレーターであるCloudNativePGがStatefulSetを使わない理由に迫る
nnaka2992
0
250
Go 1.24でジェネリックになった型エイリアスの紹介
syumai
2
300
Webフレームワークとともに利用するWeb components / JSConf.jp おかわり
spring_raining
1
130
「個人開発マネタイズ大全」が教えてくれたこと
bani24884
1
290
iOSでQRコード生成奮闘記
ktcryomm
2
120
ML.NETで始める機械学習
ymd65536
0
240
React 19アップデートのために必要なこと
uhyo
8
1.6k
Featured
See All Featured
A designer walks into a library…
pauljervisheath
205
24k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Fireside Chat
paigeccino
35
3.2k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
260
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.3k
Making Projects Easy
brettharned
116
6k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
It's Worth the Effort
3n
184
28k
Transcript
None
• • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
None
• • • •
None
• • •
None
None
<?php class file { public $file = “file.txt” public $data
= “some text” function __destruct(){ file_put_contents($this->file, $this->data); } } O:3{:”file”:2:{s:4:”file”;s:12:”file.txt”;s:4:”data”;s:9:”some text”};}
O:3{:”file”:2:{s:4:”file”;s:9:”shell.php”;s:8:”<?php ?>”;s:9:”some text”};} <?php file_put_contents(”shell.php”, “<?php ?>”); ?>
• • • •
None
None
• • • •
• – <script>X</script>, <!--X-->, <div X=”y”>, <X></X>, <style>X</style> • –
<div attr=X>, <div attr=”X”>, <div attr=’X’> • – <script>alert(‘X’), data=’X’, <div onClick=”data=’X’” – selector { property:X;}, <span style=”property:X;”>
None
None
None
• • • •
None
None
• • • • • • •
None
None
None
• • • •
None
• • • • • • •
None
• – • – • –
• – • – • –
• • • • •
None
• • – – •
• • • • • •
None
• • •
None