OWASP Top 10 Overview
evandentremont
December 17, 2020
Transcript
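<?php
// Deliberately vulnerable: __destruct() writes whatever the object's
// properties hold, so a deserialized object controls the file path and contents.
class file {
    public $file = "file.txt";
    public $data = "some text";
    function __destruct() {
        file_put_contents($this->file, $this->data);
    }
}

Serialized object:
O:4:"file":2:{s:4:"file";s:8:"file.txt";s:4:"data";s:9:"some text";}

Tampered serialized object:
O:4:"file":2:{s:4:"file";s:9:"shell.php";s:4:"data";s:8:"<?php ?>";}

Equivalent effect when the tampered object is destroyed:
<?php file_put_contents("shell.php", "<?php ?>"); ?>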
• <script>X</script>, <!--X-->, <div X="y">, <X></X>, <style>X</style>
• <div attr=X>, <div attr="X">, <div attr='X'>
• <script>alert('X'), data='X', <div onClick="data='X'"
• selector { property:X;}, <span style="property:X;">