OWASP Top 10 Overview
evandentremont
December 17, 2020
Programming
Transcript
Insecure deserialization example (PHP):

<?php
class file {
    public $file = "file.txt";
    public $data = "some text";

    // Called automatically when the object is destroyed: writes $data into $file.
    function __destruct() {
        file_put_contents($this->file, $this->data);
    }
}

Serialized form of a default instance:

O:4:"file":2:{s:4:"file";s:8:"file.txt";s:4:"data";s:9:"some text";}

Attacker-controlled serialized object from the deck: once unserialize() creates it, __destruct writes the chosen content to the chosen file name.

O:4:"file":2:{s:4:"file";s:9:"shell.php";s:4:"data";s:8:"<?php ?>";}

Equivalent to running:

<?php file_put_contents("shell.php", "<?php ?>"); ?>
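An added example (not code from the deck): the slide's gadget class beside a vulnerable unserialize() call and two hardened loaders. It assumes PHP 7.3 or later; the loader function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not from the deck: the slide's "file" gadget class next to a
// vulnerable loader and two hardened ones. Assumes PHP 7.3+ (allowed_classes,
// JSON_THROW_ON_ERROR); function names are hypothetical.

class file {
    public $file = "file.txt";
    public $data = "some text";
    // Runs when the object is destroyed, including objects that
    // unserialize() built from attacker-controlled input.
    function __destruct() {
        file_put_contents($this->file, $this->data);
    }
}

// Constructed sample input; in practice this arrives via a cookie or parameter.
$untrusted = 'O:4:"file":2:{s:4:"file";s:8:"file.txt";s:4:"data";s:9:"some text";}';

// VULNERABLE: every loaded class with __destruct/__wakeup is a usable gadget.
function load_vulnerable(string $input) {
    return unserialize($input);   // __destruct fires when the object dies
}

// HARDENED (1): forbid object instantiation. PHP turns "O:" payloads into
// __PHP_Incomplete_Class, which has no destructor to run. If arrays are
// accepted, walk nested values with the same check.
function load_hardened(string $input) {
    $value = unserialize($input, ['allowed_classes' => false]);
    if ($value instanceof __PHP_Incomplete_Class) {
        throw new UnexpectedValueException('object payload rejected');
    }
    return $value;
}

// HARDENED (2): use a data-only format across trust boundaries.
function load_json(string $input): array {
    $value = json_decode($input, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new UnexpectedValueException('expected a JSON object');
    }
    return $value;
}

try {
    load_hardened($untrusted);          // rejected, no file is written
} catch (UnexpectedValueException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
var_dump(load_json('{"file":"file.txt","data":"some text"}'));
```

The vulnerable loader is defined but never called; running the script only exercises the two hardened paths.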
XSS injection contexts (X marks where untrusted data lands):

- HTML element content: <script>X</script>, <!--X-->, <div X="y">, <X></X>, <style>X</style>
- HTML attribute: <div attr=X>, <div attr="X">, <div attr='X'>
- JavaScript: <script>alert('X'), data='X', <div onClick="data='X'">
- CSS: selector { property:X; }, <span style="property:X;">