Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OWASP Top 10 Overview
Search
evandentremont
December 17, 2020
Programming
0
42
OWASP Top 10 Overview
evandentremont
December 17, 2020
Tweet
Share
More Decks by evandentremont
See All by evandentremont
1,2,3,4 I Declare Cyber War
evandentremont
2
990
Fixing Infosec
evandentremont
0
98
BTC: Currency or Commodity?
evandentremont
0
83
Immunizing IoT
evandentremont
0
79
Defeating Next Gen Firewalls
evandentremont
1
69
Next Gen Botnet C&C
evandentremont
0
75
SQLi Injection attacks & mitigation
evandentremont
0
96
Other Decks in Programming
See All in Programming
私はどうやって技術力を上げたのか
yusukebe
43
17k
明日から始めるリファクタリング
ryounasso
0
120
CSC509 Lecture 04
javiergs
PRO
0
300
Back to the Future: Let me tell you about the ACP protocol
terhechte
0
130
Model Pollution
hschwentner
1
180
CSC509 Lecture 03
javiergs
PRO
0
330
なぜGoのジェネリクスはこの形なのか? Featherweight Goが明かす設計の核心
ryotaros
7
1k
タスクの特性や不確実性に応じた最適な作業スタイルの選択(ペアプロ・モブプロ・ソロプロ)と実践 / Optimal Work Style Selection: Pair, Mob, or Solo Programming.
honyanya
3
140
Web フロントエンドエンジニアに開かれる AI Agent プロダクト開発 - Vercel AI SDK を観察して AI Agent と仲良くなろう! #FEC余熱NIGHT
izumin5210
3
400
クラシルを支える技術と組織
rakutek
0
190
Web技術を最大限活用してRAW画像を現像する / Developing RAW Images on the Web
ssssota
2
1.2k
育てるアーキテクチャ:戦い抜くPythonマイクロサービスの設計と進化戦略
fujidomoe
1
150
Featured
See All Featured
Embracing the Ebb and Flow
colly
88
4.8k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.2k
Bash Introduction
62gerente
615
210k
Context Engineering - Making Every Token Count
addyosmani
5
180
Gamification - CAS2011
davidbonilla
81
5.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
610
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
Fireside Chat
paigeccino
40
3.7k
Mobile First: as difficult as doing things right
swwweet
224
10k
Transcript
None
• • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
• • • • • • • • • •
None
• • • •
None
• • •
None
None
<?php class file { public $file = “file.txt” public $data
= “some text” function __destruct(){ file_put_contents($this->file, $this->data); } } O:3{:”file”:2:{s:4:”file”;s:12:”file.txt”;s:4:”data”;s:9:”some text”};}
O:3{:”file”:2:{s:4:”file”;s:9:”shell.php”;s:8:”<?php ?>”;s:9:”some text”};} <?php file_put_contents(”shell.php”, “<?php ?>”); ?>
• • • •
None
None
• • • •
• – <script>X</script>, <!--X-->, <div X=”y”>, <X></X>, <style>X</style> • –
<div attr=X>, <div attr=”X”>, <div attr=’X’> • – <script>alert(‘X’), data=’X’, <div onClick=”data=’X’” – selector { property:X;}, <span style=”property:X;”>
None
None
None
• • • •
None
None
• • • • • • •
None
None
None
• • • •
None
• • • • • • •
None
• – • – • –
• – • – • –
• • • • •
None
• • – – •
• • • • • •
None
• • •
None
evandentremont
yusukebe
ryounasso
javiergs
terhechte
hschwentner
ryotaros
honyanya
izumin5210
rakutek
ssssota
fujidomoe
colly
samanthasiow
62gerente
addyosmani
davidbonilla
marktimemedia
iamctodd
bluesmoon
lemiorhan
honnibal
paigeccino
swwweet
