Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OWASP Top 10 Overview

evandentremont
December 17, 2020
Programming
0
36

OWASP Top 10 Overview

evandentremont

December 17, 2020
Tweet

More Decks by evandentremont

See All by evandentremont
1,2,3,4 I Declare Cyber War
evandentremont
2
960
Fixing Infosec
evandentremont
0
95
BTC: Currency or Commodity?
evandentremont
0
80
Immunizing IoT
evandentremont
0
67
Defeating Next Gen Firewalls
evandentremont
1
64
Next Gen Botnet C&C
evandentremont
0
70
SQLi Injection attacks & mitigation
evandentremont
0
82

Other Decks in Programming

See All in Programming
⚪⚪の⚪⚪をSwiftUIで再現す る
u503
0
130
Visual StudioのGitHub Copilotでいろいろやってみる
tomokusaba
1
220
Ça bouge du côté des animations CSS !
goetter
2
160
ナレッジイネイブリングにAIを活用してみる ゆるSRE勉強会 #9
nealle
0
170
Google Cloudとo11yで実現するアプリケーション開発者主体のDB改善
nnaka2992
1
130
Boos Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
660
Expoによるアプリ開発の現在地とReact Server Componentsが切り開く未来
yukukotani
2
240
機能が複雑化しても 頼りになる FactoryBotの話
tamikof
1
250
kintone開発を効率化するためにチームで試した施策とその結果を大放出!
oguemon
0
360
データベースのオペレーターであるCloudNativePGがStatefulSetを使わない理由に迫る
nnaka2992
0
250
もう少しテストを書きたいんじゃ〜 #phpstudy
o0h
PRO
21
4.4k
ABEMA iOS 大規模プロジェクトにおける段階的な技術刷新 / ABEMA iOS Technology Upgrade
akkyie
1
250

Featured

See All Featured
Agile that works and the tools we love
rasmusluckow
328
21k
Facilitating Awesome Meetings
lara
53
6.3k
Site-Speed That Sticks
csswizardry
4
420
The Cost Of JavaScript in 2023
addyosmani
47
7.5k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
260
Speed Design
sergeychernyshev
28
820
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
21
2.5k
Docker and Python
trallard
44
3.3k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
Product Roadmaps are Hard
iamctodd
PRO
51
11k
Reflections from 52 weeks, 52 projects
jeffersonlam
348
20k
A Philosophy of Restraint
colly
203
16k

Transcript

  1. None

  2. • • •

  3. • • • • • • • • • •

  4. • • • • • • • • • •

  5. • • • • • • • • • •

  6. • • • • • • • • • •

  7. • • • • • • • • • •

  8. • • • • • • • • • •

  9. • • • • • • • • • •

    • • • • • • • • • •

  10. • • • • • • • • • •

    • • • • • • • • • •

  11. • • • • • • • • • •

  12. None

  13. • • • •

  14. None

  15. • • •

  16. None
  17. None

  18. <?php class file { public $file = “file.txt” public $data

    = “some text” function __destruct(){ file_put_contents($this->file, $this->data); } } O:3{:”file”:2:{s:4:”file”;s:12:”file.txt”;s:4:”data”;s:9:”some text”};}

  19. O:3{:”file”:2:{s:4:”file”;s:9:”shell.php”;s:8:”<?php ?>”;s:9:”some text”};} <?php file_put_contents(”shell.php”, “<?php ?>”); ?>

  20. • • • •

  21. None
  22. None

  23. • • • •

  24. • – <script>X</script>, <!--X-->, <div X=”y”>, <X></X>, <style>X</style> • –

    <div attr=X>, <div attr=”X”>, <div attr=’X’> • – <script>alert(‘X’), data=’X’, <div onClick=”data=’X’” – selector { property:X;}, <span style=”property:X;”>
  25. None
  26. None
  27. None

  28. • • • •

  29. None
  30. None

  31. • • • • • • •

  32. None
  33. None
  34. None

  35. • • • •

  36. None

  37. • • • • • • •

  38. None

  39. • – • – • –

  40. • – • – • –

  41. • • • • •

  42. None

  43. • • – – •

  44. • • • • • •

  45. None

  46. • • •

  47. None