Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Vulnerabilidades em sistemas web

Avatar for Daniel Romero Daniel Romero
November 01, 2012
Programming
0
80

Vulnerabilidades em sistemas web

Algumas das vulnerabilidades mais exploradas em aplicações web.

Avatar for Daniel Romero

Daniel Romero

November 01, 2012
Tweet

More Decks by Daniel Romero

See All by Daniel Romero
Segurança on Rails
Avatar for Daniel Romero infoslack
0
120

Other Decks in Programming

See All in Programming
ベクトル検索のフィルタを用いた機械学習モデルとの統合 / python-meetup-fukuoka-06-vector-attr
Avatar for monochromegane monochromegane
2
390
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
230
Go 1.26でのsliceのメモリアロケーション最適化 / Go 1.26 リリースパーティ #go126party
Avatar for mazrean mazrean
1
380
受け入れテスト駆動開発(ATDD)×AI駆動開発 AI時代のATDDの取り組み方を考える
Avatar for Takasaki Kazunari kztakasaki
2
560
技術検証結果の整理と解析をAIに任せよう!
Avatar for Keisuke Ikeda keisukeikeda
0
120
Ruby x Terminal
Avatar for Akira Matsuda a_matsuda
7
590
Go1.26 go fixをプロダクトに適用して困ったこと
Avatar for Hiroki Kurasawa kurakura0916
0
370
S3ストレージクラスの「見える」「ある」「使える」は全部違う ─ 体験から見た、仕様の深淵を覗く
Avatar for ya_ma23 ya_ma23
0
380
CDIの誤解しがちな仕様とその対処TIPS
Avatar for futokiyo futokiyo
0
200
AI主導でFastAPIのWebサービスを作るときに 人間が構造化すべき境界線
Avatar for Jun okazaki okajun35
0
710
Swift ConcurrencyでよりSwiftyに
Avatar for 野瀬田 裕樹 yuukiw00w
0
260
DevinとClaude Code、SREの現場で使い倒してみた件
Avatar for karia/Y.Hisamatsu karia
1
1k

Featured

See All Featured
Applied NLP in the Age of Generative AI
Avatar for Ines Montani inesmontani
PRO
4
2.2k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
274
21k
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
76
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
980
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.4k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
Avatar for Sara Fernández Carmona sarafernandez
0
140
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
35k
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
163
24k
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
Avatar for Dr. Kim W Petersen kimpetersen
PRO
0
270
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
130
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
170

Transcript

  1. Vulnerabilidades em sistemas web

  2. Primeiros passos • Vulnerabilidades • Técnicas • Ferramentas • OWASP

    • SDL

  3. Vulnerabilidades mais conhecidas • Injection • XSS • DdoS •

    Top 10 - https://www.owasp.org/index.php/Top_10_2010-Main

  4. SQL Injection • https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet • http://www.unixwiz.net/techtips/sql-injection.html

  5. XSS • https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet • http://hack.us/

  6. DDos • http://ha.ckers.org/slowloris/

  7. Ferramentas • http://sqlmap.org/ - GitHub • http://www.metasploit.com/ - GitHub •

    http://arachni-scanner.com/ - GitHub • http://brakemanscanner.org/ - GitHub • http://www.openvas.org/

  8. Prática, hora dos testes

  9. None

  10. Daniel Romero [email protected] @infolslack