Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Vulnerabilidades em sistemas web

Avatar for Daniel Romero Daniel Romero
November 01, 2012
Programming
0
74

Vulnerabilidades em sistemas web

Algumas das vulnerabilidades mais exploradas em aplicações web.

Avatar for Daniel Romero

Daniel Romero

November 01, 2012
Tweet

More Decks by Daniel Romero

See All by Daniel Romero
Segurança on Rails
Avatar for Daniel Romero infoslack
0
98

Other Decks in Programming

See All in Programming
私の後悔をAWS DMSで解決した話
Avatar for 平目 hiramax
4
210
HTMLの品質ってなんだっけ? “HTMLクライテリア”の設計と実践
Avatar for una unachang113
4
2.7k
プロパティベーステストによるUIテスト: LLMによるプロパティ定義生成でエッジケースを捉える
Avatar for Tetta Noguchi tetta_pdnt
0
300
OSS開発者という働き方
Avatar for ANDPAD inc andpad
5
1.7k
Android端末で実現するオンデバイスLLM 2025
Avatar for Masayuki Suda masayukisuda
1
120
ファインディ株式会社におけるMCP活用とサービス開発
Avatar for starfish719 starfish719
0
290
CloudflareのChat Agent Starter Kitで簡単!AIチャットボット構築
Avatar for syumai syumai
2
460
AIコーディングAgentとの向き合い方
Avatar for kmuto eycjur
0
270
Introducing ReActionView: A new ActionView-compatible ERB Engine @ Rails World 2025, Amsterdam
Avatar for Marco Roth marcoroth
0
630
AI Coding Agentのセキュリティリスク:PRの自己承認とメルカリの対策
Avatar for さうす s3h
0
200
意外と簡単!?フロントエンドでパスキー認証を実現する WebAuthn
Avatar for teamLab teamlab
PRO
2
720
Laravel Boost 超入門
Avatar for Arlo fire_arlo
2
210

Featured

See All Featured
Visualization
Avatar for Eitan Lees eitanlees
148
16k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.9k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
43
7.6k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.6k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
72
11k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
Faster Mobile Websites
Avatar for Dean Hume deanohume
309
31k
Writing Fast Ruby
Avatar for Erik Berlin sferik
628
62k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
460k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k

Transcript

  1. Vulnerabilidades em sistemas web

  2. Primeiros passos • Vulnerabilidades • Técnicas • Ferramentas • OWASP

    • SDL

  3. Vulnerabilidades mais conhecidas • Injection • XSS • DdoS •

    Top 10 - https://www.owasp.org/index.php/Top_10_2010-Main

  4. SQL Injection • https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet • http://www.unixwiz.net/techtips/sql-injection.html

  5. XSS • https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet • http://hack.us/

  6. DDos • http://ha.ckers.org/slowloris/

  7. Ferramentas • http://sqlmap.org/ - GitHub • http://www.metasploit.com/ - GitHub •

    http://arachni-scanner.com/ - GitHub • http://brakemanscanner.org/ - GitHub • http://www.openvas.org/

  8. Prática, hora dos testes

  9. None

  10. Daniel Romero [email protected] @infolslack