Vulnerabilities in web systems
Daniel Romero
November 01, 2012
Some of the most exploited vulnerabilities in web applications.
Transcript
Vulnerabilities in web systems

First steps
• Vulnerabilities
• Techniques
• Tools
• OWASP
• SDL

Best-known vulnerabilities
• Injection
• XSS
• DDoS
• Top 10 - https://www.owasp.org/index.php/Top_10_2010-Main

SQL Injection
• https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
• http://www.unixwiz.net/techtips/sql-injection.html

XSS
• https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
• http://hack.us/

DDoS
• http://ha.ckers.org/slowloris/

Tools
• http://sqlmap.org/ - GitHub
• http://www.metasploit.com/ - GitHub
• http://arachni-scanner.com/ - GitHub
• http://brakemanscanner.org/ - GitHub
• http://www.openvas.org/

Practice: time for testing
Daniel Romero
[email protected]
@infolslack