OWASP Top 10 Overview
evandentremont
December 17, 2020
Transcript
<?php
class file {
    public $file = "file.txt";
    public $data = "some text";

    // Runs automatically when the object is destroyed, including an
    // object rebuilt by unserialize() from untrusted input.
    function __destruct() {
        file_put_contents($this->file, $this->data);
    }
}

O:4:"file":2:{s:4:"file";s:8:"file.txt";s:4:"data";s:9:"some text";}

O:4:"file":2:{s:4:"file";s:9:"shell.php";s:4:"data";s:8:"<?php ?>";}

<?php file_put_contents("shell.php", "<?php ?>"); ?>
• – <script>X</script>, <!--X-->, <div X="y">, <X></X>, <style>X</style>
• – <div attr=X>, <div attr="X">, <div attr='X'>
• – <script>alert('X'), data='X', <div onClick="data='X'"
  – selector { property:X;}, <span style="property:X;">