Vulnerabilities in web systems
Daniel Romero
November 01, 2012
Some of the most exploited vulnerabilities in web applications.
Transcript
Vulnerabilities in web systems

First steps
• Vulnerabilities
• Techniques
• Tools
• OWASP
• SDL

Best-known vulnerabilities
• Injection
• XSS
• DDoS
• Top 10 - https://www.owasp.org/index.php/Top_10_2010-Main

SQL Injection
• https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
• http://www.unixwiz.net/techtips/sql-injection.html

XSS
• https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
• http://hack.us/

DDoS
• http://ha.ckers.org/slowloris/

Tools
• http://sqlmap.org/ - GitHub
• http://www.metasploit.com/ - GitHub
• http://arachni-scanner.com/ - GitHub
• http://brakemanscanner.org/ - GitHub
• http://www.openvas.org/

Practice: time for testing
Daniel Romero
[email protected]
@infolslack