GMO Flatt Security
August 05, 2024
Are you content with our current attacks on Content-Type?
A presentation for BSides Las Vegas 2024.
Transcript
Are you content with our current attacks on Content-Type?
azara (@a_zara_n), ei (@ei), Flatt Security Inc.
Unexpected path from HTTP response: an unexpected attack path
Self introduction: ei. Eiji Mori (ei), X: @ei, Flatt Security Inc., Muscle Brain
Self introduction: azara. Norihide Saito (azara), X: @a_zara_n, Flatt Security Inc., https://misc.azara.jp/README
Topics
◦ What is Content-Type
◦ Old attack path in HTTP response
◦ New attack path in HTTP response
◦ Bug Bounty program research
◦ OSS research
◦ Mitigations
What is Content-Type
Old attack path in HTTP response
Old attack path in HTTP response: extension (.png, .jpg), Content-Type (image/png, image/jpg), magic bytes
New attack path in HTTP response
What is Object Storage: data plus metadata, and the metadata includes Content-Type
New attack path in HTTP response: forgot validation
Bug Bounty program research
Discovery in Bug Bounty program: no validation
Discovery in Bug Bounty program: not using S3
Discovery in Bug Bounty program: accurate validation
OSS research
Code search
Code search: no validation or lax validation 😨
No validation
No validation in HTTP request
No validation example: use direct values
No validation example: validation (frontend only)
No validation example: upload text/html
No validation in HTTP response
No validation: VS Code Extension
No validation: VS Code Extension, GET text/html
Validation bypass
Validation bypass in HTTP request
Validation bypass: lax validation
Bypass patterns
  Code implementation        Bypass example
  startsWith("image/png")    image/png, text/html
  endsWith("image/png")      text/html; image/png
  /^image\/png/              image/png, text/html
  includes("image/png")      text/html; image/png
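The table lists four lax checks and the value that slips past each. The JavaScript below is an added example, not code from the slides or from any project the deck names. It shows why those values are dangerous: a simplified form of the WHATWG Fetch "extract a MIME type" algorithm splits the header on commas and keeps the last parseable media type, so "image/png, text/html" renders as HTML, while "text/html; image/png" is text/html with a junk parameter that the browser drops. It then runs the four checks from the table against both payloads and contrasts them with a strict check that requires the value to parse as exactly one media type whose essence is on an allowlist. The function names (parseMimeType, browserMimeType, strictAllow, evaluate), the two payloads and the allowlist of image/png and image/jpeg are assumptions chosen for the demo.

```javascript
// Added example, not from the slides: why the "dirty" Content-Type values in the
// bypass-pattern table get past lax checks, how a browser reads them, and a strict check.
// Parsing is a simplified form of the WHATWG "parse a MIME type" / "extract a MIME type"
// algorithms (no quoted-string handling, which the sample payloads do not need).

const HTTP_TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // HTTP token code points
const HTTP_WS = /^[\t\n\r ]+|[\t\n\r ]+$/g;            // leading/trailing HTTP whitespace

function trimWs(s) { return s.replace(HTTP_WS, ""); }

// Parse one media type. Returns null on failure, otherwise {essence, parameters}.
function parseMimeType(input) {
  input = trimWs(input);
  const slash = input.indexOf("/");
  if (slash < 0) return null;
  const type = input.slice(0, slash);
  const rest = input.slice(slash + 1);
  const semi = rest.indexOf(";");
  const subtype = trimWs(semi < 0 ? rest : rest.slice(0, semi));
  // "png, text/html" is not a token, so a comma-joined value is not one media type.
  if (!HTTP_TOKEN.test(type) || !HTTP_TOKEN.test(subtype)) return null;
  const parameters = new Map();
  const paramText = semi < 0 ? "" : rest.slice(semi + 1);
  for (const piece of paramText.split(";")) {
    const eq = piece.indexOf("=");
    const name = trimWs(eq < 0 ? piece : piece.slice(0, eq)).toLowerCase();
    const value = eq < 0 ? "" : trimWs(piece.slice(eq + 1));
    // "image/png" as a parameter name is not a token: the browser drops it silently.
    if (eq < 0 || value === "" || !HTTP_TOKEN.test(name) || parameters.has(name)) continue;
    parameters.set(name, value);
  }
  return { essence: `${type}/${subtype}`.toLowerCase(), parameters };
}

// What a browser renders: the header is split on commas and the LAST parseable
// media type wins (Fetch, "extract a MIME type"), so "image/png, text/html" is HTML.
function browserMimeType(headerValue) {
  let chosen = null;
  for (const value of headerValue.split(",")) {    // simplified: not quote-aware
    const parsed = parseMimeType(value);
    if (parsed === null || parsed.essence === "*/*") continue;
    chosen = parsed.essence;
  }
  return chosen;
}

// The four lax checks from the bypass-pattern table, as commonly written in upload handlers.
const LAX_CHECKS = {
  'startsWith("image/png")': (ct) => ct.startsWith("image/png"),
  'endsWith("image/png")': (ct) => ct.endsWith("image/png"),
  '/^image\\/png/': (ct) => /^image\/png/.test(ct),
  'includes("image/png")': (ct) => ct.includes("image/png"),
};

// Strict check: the value must parse as exactly one media type whose essence is allowlisted.
// Assumed allowlist for the demo: PNG and JPEG only.
const ALLOWLIST = ["image/png", "image/jpeg"];
function strictAllow(headerValue) {
  const parsed = parseMimeType(headerValue);
  return parsed !== null && ALLOWLIST.includes(parsed.essence);
}

// Constructed payloads taken from the table. Returns which check accepts which payload,
// and what each payload renders as in the browser.
const PAYLOADS = ["image/png, text/html", "text/html; image/png"];
function evaluate(payloads = PAYLOADS) {
  const accepted = {};
  for (const [name, check] of Object.entries(LAX_CHECKS)) accepted[name] = payloads.filter(check);
  accepted.strict = payloads.filter(strictAllow);
  const rendersAs = Object.fromEntries(payloads.map((p) => [p, browserMimeType(p)]));
  return { accepted, rendersAs };
}
```

Run with node and inspect evaluate(): each lax check accepts exactly the payload the table pairs it with, includes() accepts both, the strict check accepts neither, and both payloads render as text/html. The strict check also normalises case and tolerates a charset parameter, so legitimate values such as "IMAGE/JPEG; charset=utf-8" still pass; the point is that the decision is made on the parsed essence, not on a substring of the raw header.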
Validation bypass: CVE-2023-49090 (CarrierWave)
Validation bypass: CVE-2023-49090, bypass with image/png and text/html combined in one Content-Type value
Validation bypass in HTTP response
Validation bypass: lax validation
Validation bypass: Electron, bypass with image/png and text/html combined in one Content-Type value
Validation bypass: Chrome Extension, bypass with text/html and pdf combined in one Content-Type value
Mitigations
Security measures in implementation
Thank you very much for listening
References
◦ Amazon S3: https://aws.amazon.com/jp/s3/
◦ BlackFan/content-type-research: https://github.com/BlackFan/content-type-research/blob/master/XSS.md
◦ CarrierWave: https://github.com/carrierwaveuploader/carrierwave
◦ CVE-2023-49090: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g78f-qhjm
◦ QR code (this deck): https://speakerdeck.com/flatt_security/are-you-content-with-our-current-attacks-on-content-type
◦ Bypass technique: "XSS using dirty Content Type in cloud era", BSides Tokyo (English talk page on bsides.tokyo)
FAQ
XSS threats: stored XSS
Essential things: no validation