Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Vulnerabilidades em sistemas web
Search
Daniel Romero
November 01, 2012
Programming
0
74
Vulnerabilidades em sistemas web
Algumas das vulnerabilidades mais exploradas em aplicações web.
Daniel Romero
November 01, 2012
Tweet
Share
More Decks by Daniel Romero
See All by Daniel Romero
Segurança on Rails
infoslack
0
98
Other Decks in Programming
See All in Programming
私の後悔をAWS DMSで解決した話
hiramax
4
210
HTMLの品質ってなんだっけ? “HTMLクライテリア”の設計と実践
unachang113
4
2.7k
プロパティベーステストによるUIテスト: LLMによるプロパティ定義生成でエッジケースを捉える
tetta_pdnt
0
300
OSS開発者という働き方
andpad
5
1.7k
Android端末で実現するオンデバイスLLM 2025
masayukisuda
1
120
ファインディ株式会社におけるMCP活用とサービス開発
starfish719
0
290
CloudflareのChat Agent Starter Kitで簡単!AIチャットボット構築
syumai
2
460
AIコーディングAgentとの向き合い方
eycjur
0
270
Introducing ReActionView: A new ActionView-compatible ERB Engine @ Rails World 2025, Amsterdam
marcoroth
0
630
AI Coding Agentのセキュリティリスク:PRの自己承認とメルカリの対策
s3h
0
200
意外と簡単!?フロントエンドでパスキー認証を実現する WebAuthn
teamlab
PRO
2
720
Laravel Boost 超入門
fire_arlo
2
210
Featured
See All Featured
Visualization
eitanlees
148
16k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.9k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.6k
Building Applications with DynamoDB
mza
96
6.6k
GraphQLの誤解/rethinking-graphql
sonatard
72
11k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Rails Girls Zürich Keynote
gr2m
95
14k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Faster Mobile Websites
deanohume
309
31k
Writing Fast Ruby
sferik
628
62k
GitHub's CSS Performance
jonrohan
1032
460k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Transcript
Vulnerabilidades em sistemas web
Primeiros passos • Vulnerabilidades • Técnicas • Ferramentas • OWASP
• SDL
Vulnerabilidades mais conhecidas • Injection • XSS • DdoS •
Top 10 - https://www.owasp.org/index.php/Top_10_2010-Main
SQL Injection • https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet • http://www.unixwiz.net/techtips/sql-injection.html
XSS • https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet • http://hack.us/
DDos • http://ha.ckers.org/slowloris/
Ferramentas • http://sqlmap.org/ - GitHub • http://www.metasploit.com/ - GitHub •
http://arachni-scanner.com/ - GitHub • http://brakemanscanner.org/ - GitHub • http://www.openvas.org/
Prática, hora dos testes
None
Daniel Romero
[email protected]
@infolslack