OWASP Top 10 Overview
evandentremont
December 17, 2020
Transcript
Insecure deserialization: a class whose destructor performs a file write becomes a gadget as soon as attacker-controlled input reaches unserialize().

<?php
class file {
    public $file = "file.txt";
    public $data = "some text";

    function __destruct() {
        file_put_contents($this->file, $this->data);
    }
}

Serialized form of a default instance (each s:N: prefix is the byte length of the string that follows):
O:4:"file":2:{s:4:"file";s:8:"file.txt";s:4:"data";s:9:"some text";}

Attacker-supplied string passed to unserialize(), with the file name and contents swapped for a web shell:
O:4:"file":2:{s:4:"file";s:9:"shell.php";s:4:"data";s:8:"<?php ?>";}

Effect when the reconstructed object is destroyed at the end of the request:
<?php file_put_contents("shell.php", "<?php ?>"); ?>
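The following script is an added example and not code from the original deck. It reuses the deck's "file" class to show the destructor firing on a hand-crafted payload, then two ways to close the hole: restricting unserialize() with allowed_classes (PHP 7.0+) and replacing PHP serialization with HMAC-authenticated JSON for data that crosses a trust boundary. The target path, the payload body and the signing key are assumptions chosen for the demo; the file is written under the system temp directory rather than a web root.

```php
<?php
// Added example (not from the original deck). Demonstrates why unserialize()
// on untrusted bytes is code execution and how to stop it.
declare(strict_types=1);

class file
{
    public string $file = 'file.txt';
    public string $data = 'some text';

    public function __destruct()
    {
        file_put_contents($this->file, $this->data);
    }
}

// Attacker-controlled bytes: a hand-written serialized "file" object whose
// destructor drops a PHP file. Every s:N: prefix must be the exact byte
// length of the string that follows, so they are computed here.
function craftPayload(string $targetPath): string
{
    $body = '<?php echo "owned"; ?>'; // assumed web-shell stand-in
    return 'O:4:"file":2:{'
        . 's:4:"file";s:' . strlen($targetPath) . ':"' . $targetPath . '";'
        . 's:4:"data";s:' . strlen($body) . ':"' . $body . '";'
        . '}';
}

// 1. Vulnerable: unserialize() instantiates whatever class the attacker
//    names; __destruct runs as soon as the object is released.
function vulnerableLoad(string $untrusted): void
{
    $obj = unserialize($untrusted);
    unset($obj); // destructor fires here -> file written
}

// 2. Mitigation: allowed_classes => false turns every object in the stream
//    into __PHP_Incomplete_Class, which has no destructor or __wakeup.
function hardenedLoad(string $untrusted)
{
    return unserialize($untrusted, ['allowed_classes' => false]);
}

// 3. Better: never use PHP serialization across a trust boundary. Carry state
//    as JSON and authenticate it with an HMAC so tampering is rejected before
//    anything is parsed. $key is assumed to come from server-side config.
function signState(array $state, string $key): string
{
    $json = json_encode($state, JSON_THROW_ON_ERROR);
    return base64_encode($json) . '.' . hash_hmac('sha256', $json, $key);
}

function loadState(string $token, string $key): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $json = base64_decode($parts[0], true);
    if ($json === false || !hash_equals(hash_hmac('sha256', $json, $key), $parts[1])) {
        return null; // signature mismatch: reject before decoding
    }
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// Demo run.
$target  = sys_get_temp_dir() . '/shell_demo.php'; // assumed target path
$payload = craftPayload($target);
@unlink($target);

vulnerableLoad($payload);
echo 'vulnerable: file written? ', file_exists($target) ? "yes\n" : "no\n";
@unlink($target);

$obj = hardenedLoad($payload);
echo 'hardened class: ', get_class($obj), "\n"; // __PHP_Incomplete_Class
unset($obj);
echo 'hardened: file written? ', file_exists($target) ? "yes\n" : "no\n";

$key   = random_bytes(32);
$token = signState(['file' => 'file.txt', 'data' => 'some text'], $key);
var_dump(loadState($token, $key) !== null);        // valid token accepted
var_dump(loadState($token . 'x', $key) === null);  // tampered token rejected
```

The allowed_classes option only neutralises gadgets; it still lets an attacker hand you arbitrarily nested data and, on older PHP builds, exercise the unserialize parser itself, so the JSON-plus-HMAC approach is the one to prefer for cookies, hidden form fields and cache entries.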
Cross-site scripting: where untrusted data (X) can land in a page, and which positions have no safe encoding at all.

• Never place untrusted data here, no encoding makes these safe: <script>X</script>, <!--X-->, <div X="y"> (attribute name), <X></X> (tag name), <style>X</style>
• HTML attribute values: <div attr=X>, <div attr="X">, <div attr='X'> (unquoted values are breakable by a space; always quote and attribute-encode)
• JavaScript data values: <script>alert('X')</script>, data='X', <div onClick="data='X'"> (JavaScript-string-encode, then attribute-encode for the event handler)
• CSS property values: selector { property:X; }, <span style="property:X;"> (strict allow-listing; url() and expression() cannot be escaped away)
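The script below is an added example, not code from the original deck: one encoder per output context from the list above, plus a small template that shows the same untrusted value being encoded differently for HTML text, a JavaScript string and an attribute URL. Function names and the constructed attacker inputs are illustrative assumptions.

```php
<?php
// Added example (not from the original deck): context-sensitive output
// encoding. The rule is "encode for the context you are writing into",
// so renderCard() encodes the same $name three different ways.
declare(strict_types=1);

// HTML body text and quoted attribute values: escape & < > " ' and always
// wrap attributes in quotes so the value cannot be broken out of.
function encodeHtml(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// JavaScript data value inside <script>: emit a JSON string literal with
// < > & ' " as \uXXXX so "</script>" or a stray quote cannot escape it.
function encodeJsString(string $untrusted): string
{
    return json_encode(
        $untrusted,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// CSS property value: there is no reliable escaping for url()/expression()
// tricks, so allow-list a conservative character set and fall back otherwise.
function encodeCssValue(string $untrusted): string
{
    return preg_match('/\A[A-Za-z0-9#%., -]{1,64}\z/', $untrusted) ? $untrusted : 'inherit';
}

// URL in href/src: accept only absolute http(s) or site-relative paths, which
// rejects javascript:, data:, vbscript: and protocol-relative //evil.example.
function encodeUrlAttr(string $untrusted): string
{
    $u = trim($untrusted);
    return preg_match('~\A(https?://|/(?!/))~i', $u) ? encodeHtml($u) : '#';
}

// Positions the list marks "never put untrusted data here" (tag names,
// attribute names, comments, raw <script>/<style> bodies) get no encoder:
// the template simply never places untrusted data there.
function renderCard(string $name, string $site, string $color): string
{
    return '<div class="card" style="color:' . encodeHtml(encodeCssValue($color)) . ';">'
        . '<a href="' . encodeUrlAttr($site) . '">' . encodeHtml($name) . '</a>'
        . '<script>var user = ' . encodeJsString($name) . ';</script>'
        . '</div>';
}

// Constructed attacker inputs, one per context.
$name  = '"><script>alert(1)</script>';
$site  = 'javascript:alert(document.cookie)';
$color = 'red; background:url(javascript:alert(1))';

echo renderCard($name, $site, $color), "\n";
```

Running it prints the card with the name as &quot;&gt;&lt;script&gt;..., the JavaScript literal as "\u0022\u003E\u003Cscript\u003E...", the href collapsed to "#" and the colour replaced by "inherit": the payload is inert in every slot because each slot applied its own encoding rather than a single generic escape.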