Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Are you content with our current attacks on Con...
Search
GMO Flatt Security
August 05, 2024
2
320
Are you content with our current attacks on Content-Type?
A presentation for BSides Las Vegas 2024.
GMO Flatt Security
August 05, 2024
Tweet
Share
More Decks by GMO Flatt Security
See All by GMO Flatt Security
開発組織のための セキュアコーディング研修の始め方
flatt_security
3
2.2k
GMO Flatt SecurityにおけるKubernetesセキュリティ診断について
flatt_security
0
73
Flatt Security XSS Challenge 解答・解説
flatt_security
0
1.2k
GMO Flatt Security 会社紹介資料
flatt_security
0
6.1k
codeblue_2024_opentalks.pdf
flatt_security
0
100
開発生産性をむしろ向上させる セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
1.1k
XSS using dirty Content Type in cloud era
flatt_security
2
16k
「企画力」次第でテックブログのネタは尽きない / How to plan a tech blog
flatt_security
3
660
【2025卒向け】新卒採用・会社説明資料 / Culture Deck for 2025 newgrads
flatt_security
0
1.6k
Featured
See All Featured
Build your cross-platform service in a week with App Engine
jlugia
229
18k
The World Runs on Bad Software
bkeepers
PRO
67
11k
Side Projects
sachag
452
42k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
How STYLIGHT went responsive
nonsquared
98
5.4k
Raft: Consensus for Rubyists
vanstee
137
6.8k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
Making the Leap to Tech Lead
cromwellryan
133
9.1k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.3k
How to train your dragon (web standard)
notwaldorf
91
5.8k
Become a Pro
speakerdeck
PRO
26
5.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Transcript
"SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF B[BSB !B@[BSB@O FJ !FJ 'MBUU4FDVSJUZJOD
6OFYQFDUFEQBUIGSPN)551SFTQPOTF VOFYQFDUFEBUUBDLQBUI
4FMGJOUSPEVDUJPOFJ &JKJ.PSJFJ 9!FJ 'MBUU4FDVSJUZJOD .VTDMF#SBJO
/PSJIJEF4BJUPB[BSB 9!B@[BSB@O 'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB IUUQTNJTDB[BSBKQ3&"%.&
5PQJDT
8IBUJT$POUFOU5ZQF 0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB $POUFOU5ZQF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF 'PSHPUWBMJEBUJPO
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
#VH#PVOUZQSPHSBNSFTFBSDI
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PWBMJEBUJPO
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PUVTJOH4
%JTDPWFSZJO#VH#PVOUZQSPHSBN "DDVSBUFWBMJEBUJPO
044SFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨
/PWBMJEBUJPO
/PWBMJEBUJPOJO)551SFRVFTU
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 6TFEJSFDUWBMVFT
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 7BMJEBUJPO GSPOUFOEPOMZ
/PWBMJEBUJPO&YBNQMF 6QMPBE UFYUIUNM
/PWBMJEBUJPOJO)551SFTQPOTF
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO (FU UFYUIUNM
7BMJEBUJPOCZQBTT
7BMJEBUJPOCZQBTTJO)551SFRVFTU
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
#ZQBTTQBUUFSOT Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)
text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7& #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTTJO)551SFTQPOTF
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT&MFDUSPO
7BMJEBUJPOCZQBTT&MFDUSPO #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO #ZQBTT UFYUIUNMQEG
.JUJHBUJPOT
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
5IBOLZPVWFSZNVDIGPSMJTUFOJOH
3FGFSFODFT
◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦
$BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF
23DPEF IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF
#ZQBTTUFDIOJRVF IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB
'"2
9445ISFBUT 4UPSFE944
&TTFOUJBM5IJOHT /PWBMJEBUJPO