Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Vulnerabilidades em sistemas web

Avatar for Daniel Romero Daniel Romero
November 01, 2012
Programming
0
74

Vulnerabilidades em sistemas web

Algumas das vulnerabilidades mais exploradas em aplicações web.
Avatar for Daniel Romero

Daniel Romero

November 01, 2012
Tweet

More Decks by Daniel Romero

See All by Daniel Romero
Segurança on Rails
Avatar for Daniel Romero infoslack
0
96

Other Decks in Programming

See All in Programming
プロダクト志向なエンジニアがもう一歩先の価値を目指すために意識したこと
Avatar for Nealle nealle
0
110
Team topologies and the microservice architecture: a synergistic relationship
Avatar for Chris Richardson cer
PRO
0
1k
すべてのコンテキストを、 ユーザー価値に変える
Avatar for Michiru Kato applism118
2
710
AWS CDKの推しポイント 〜CloudFormationと比較してみた〜
Avatar for アキキー akihisaikeda
3
310
童醫院敏捷轉型的實踐經驗
Avatar for Max Lai cclai999
0
180
Claude Codeの使い方
Avatar for ttnyt8701 ttnyt8701
1
130
Railsアプリケーションと パフォーマンスチューニング ー 秒間5万リクエストの モバイルオーダーシステムを支える事例 ー Rubyセミナー 大阪
Avatar for Hayato OKUMOTO falcon8823
4
910
Benchmark
Avatar for 송상윤 sysong
0
250
Gleamという選択肢
Avatar for Comamoca comamoca
6
760
Create a website using Spatial Web
Avatar for Akio Itaya akkeylab
0
300
明示と暗黙 ー PHPとGoの インターフェイスの違いを知る
Avatar for shimabox shimabox
2
280
Google Agent Development Kit でLINE Botを作ってみた
Avatar for Kento.Yamada ymd65536
2
130

Featured

See All Featured
Designing for Performance
Avatar for Lara Hogan lara
609
69k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
179
9.8k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.7k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
138
34k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
188
11k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
30
2.1k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
346
40k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
48
5.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
181
53k

Transcript

  1. Vulnerabilidades em sistemas web

  2. Primeiros passos • Vulnerabilidades • Técnicas • Ferramentas • OWASP

    • SDL

  3. Vulnerabilidades mais conhecidas • Injection • XSS • DdoS •

    Top 10 - https://www.owasp.org/index.php/Top_10_2010-Main

  4. SQL Injection • https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet • http://www.unixwiz.net/techtips/sql-injection.html

  5. XSS • https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet • http://hack.us/

  6. DDos • http://ha.ckers.org/slowloris/

  7. Ferramentas • http://sqlmap.org/ - GitHub • http://www.metasploit.com/ - GitHub •

    http://arachni-scanner.com/ - GitHub • http://brakemanscanner.org/ - GitHub • http://www.openvas.org/

  8. Prática, hora dos testes

  9. None

  10. Daniel Romero [email protected] @infolslack