OWASP Top 10 Overview
evandentremont
December 17, 2020
Transcript
<?php
class file {
    public $file = "file.txt";
    public $data = "some text";

    // Runs automatically when the object is destroyed,
    // including an object rebuilt by unserialize()
    function __destruct() {
        file_put_contents($this->file, $this->data);
    }
}

O:4:"file":2:{s:4:"file";s:8:"file.txt";s:4:"data";s:9:"some text";}

O:4:"file":2:{s:4:"file";s:9:"shell.php";s:4:"data";s:8:"<?php ?>";}

<?php file_put_contents("shell.php", "<?php ?>"); ?>
– <script>X</script>, <!--X-->, <div X="y">, <X></X>, <style>X</style>
– <div attr=X>, <div attr="X">, <div attr='X'>
– <script>alert('X'), data='X', <div onClick="data='X'"
– selector { property:X;}, <span style="property:X;">