Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Vulnerabilidades em sistemas web

Daniel Romero
November 01, 2012
Programming
0
64

Vulnerabilidades em sistemas web

Algumas das vulnerabilidades mais exploradas em aplicações web.

Daniel Romero

November 01, 2012
Tweet

More Decks by Daniel Romero

See All by Daniel Romero
Segurança on Rails
infoslack
0
72

Other Decks in Programming

See All in Programming
Make Regexp#match much faster
makenowjust
1
320
RBS meets LLMs - Type inference using LLM
kokuyouwind
0
200
良い開発生産性を目指せば採用もうまくいく
rinchsan
0
320
Avoiding common pitfalls with modern microservices testing
hollycummins
0
140
Swiftにおけるポリモーフィズム実現手段の検討
mot_techtalk
1
150
The Resurrection of 
the Fast Parallel Test Runner
koic
1
1.6k
フロントエンドエンジニアの友人と“型”で話がすれ違った原因 YUMEMI.grow合同LT会in横浜 @Kaito-Dogi
doggy
1
350
Mojoliciousでつくる! Webアプリ入門
yusukebe
0
190
Goのジェネリクスを活用する
syumai
2
1.1k
Developing Chrome Extension with ruby.wasm
logiteca7
1
200
Ruby JIT Hacking Guide / RubyKaigi 2023
k0kubun
0
3.3k
Night Session: The Future of WebDev
manfredsteyer
PRO
0
130

Featured

See All Featured
Thoughts on Productivity
jonyablonski
52
2.9k
A Modern Web Designer's Workflow
chriscoyier
689
190k
Adopting Sorbet at Scale
ufuk
66
8k
Web development in the modern age
philhawksworth
197
9.7k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
46
15k
Imperfection Machines: The Place of Print at Facebook
scottboms
255
12k
The Art of Programming - Codeland 2020
erikaheidi
37
11k
Building Effective Engineering Teams - LeadDev
addyosmani
5
570
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
23
1.8k
A better future with KSS
kneath
230
16k
The Mythical Team-Month
searls
211
41k
In The Pink: A Labor of Love
frogandcode
133
21k

Transcript

  1. Vulnerabilidades em sistemas web

    View Slide

  2. Primeiros passos

    Vulnerabilidades

    Técnicas

    Ferramentas

    OWASP

    SDL

    View Slide

  3. Vulnerabilidades mais conhecidas

    Injection

    XSS

    DdoS

    Top 10 - https://www.owasp.org/index.php/Top_10_2010-Main

    View Slide

  4. SQL Injection

    https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

    http://www.unixwiz.net/techtips/sql-injection.html

    View Slide

  5. XSS

    https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

    http://hack.us/

    View Slide

  6. DDos

    http://ha.ckers.org/slowloris/

    View Slide

  7. Ferramentas

    http://sqlmap.org/ - GitHub

    http://www.metasploit.com/ - GitHub

    http://arachni-scanner.com/ - GitHub

    http://brakemanscanner.org/ - GitHub

    http://www.openvas.org/

    View Slide

  8. Prática, hora dos testes

    View Slide

  9. View Slide

  10. Daniel Romero
    [email protected]
    @infolslack

    View Slide