Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Bezpečnost webových aplikací
Search
Jirka "Jurri" Jansa
June 06, 2019
Programming
250
0
Share
Bezpečnost webových aplikací
Bezpečnost webových aplikací převážně pohledem OWASP.
Jirka "Jurri" Jansa
June 06, 2019
More Decks by Jirka "Jurri" Jansa
See All by Jirka "Jurri" Jansa
ChatGPT pro produktivitu
jurri
0
66
TM Caffè: Github Copilot
jurri
0
64
Interní DX: Kutil Tim v každém z nás
jurri
0
180
Mob and Pair programming 2021 Edition (CZ)
jurri
0
89
Hardware očima vývojáře aplikací (2021)
jurri
0
75
Testujte svou pravou DB
jurri
0
33
Other Decks in Programming
See All in Programming
LLM本来の能力を解き放つサンドボックス技術とAI民主化への適用
yukukotani
2
1.7k
SPMマルチモジュールで テストカバレッジを取得する技法
yosshi4486
0
140
Lemonade + Foundry Toolkit でお手軽アプリ開発
seosoft
1
260
セキュリティの専門家じゃなくてもできる。「セキュリティ意識」をアップデートして サプライチェーン攻撃への耐性を高めよう。
tk3fftk
4
430
Java × distroless で 軽量なコンテナイメージを / Java on Distroless
contour_gara
0
460
Copilot CLI の継戦能力を高める コンテキスト管理
nozomutu
1
1.2k
Old Dog, New Tricks: The Java 25 Reinvention - JNation
bazlur_rahman
0
140
作って学ぶ、 JSX (TSX) ランタイムの基本
syumai
7
1.5k
Oxlintのカスタムルールの現況
syumai
5
970
権限チェックの一貫性を型で守る TypeScript による多層防御
mnch
4
1.1k
AIとRubyの静的型付け
ukin0k0
0
510
TSKaigi 2026 TypeScriptバックエンドのオブザーバビリティ戦略 — Datadog × NestJSの実践
taiseiyamamotoan
1
220
Featured
See All Featured
Building AI with AI
inesmontani
PRO
1
1k
Between Models and Reality
mayunak
4
320
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
180
KATA
mclloyd
PRO
35
15k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
220
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.5k
Mind Mapping
helmedeiros
PRO
1
230
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
4 Signs Your Business is Dying
shpigford
187
22k
The Invisible Side of Design
smashingmag
302
52k
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
1
330
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
430
Transcript
Bezpečnost webových aplikací Jirka Jansa, 2019
zranitelnosti infrastruktura, data, kód, lidi, firmy
zranitelnosti kódu katalog CVE, CWE, skóre CVSS, databáze NVD https://nvd.nist.gov
penetrační testy
ethical hacking https://hackerone.com hacking
red teaming
prevence
OWASP The Open Web Application Security Project https://owasp.org
top 10 injekce, XSS, CSRF, rozbitá autentizace, protokol, citlivá data,
... https://github.com/OWASP/Top10 OWASP
juice shop záměrně děravá aplikace http://owasp-juice.shop OWASP
OWTF Offensive Web Testing Framework https://github.com/owtf/owtf OWASP
ASVS The Application Security Verification Standard https://github.com/OWASP/ASVS OWASP
dependency-check plugin pro maven, gradle, jenkins, sonarqube... https://github.com/jeremylong/DependencyCheck OWASP
security guides testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5 OWASP
cheatsheets https://github.com/OWASP/CheatSheetSeries OWASP
SAMM Software Assurance Maturity Model https://owaspsamm.org OWASP
legislativa především č. 181/2014 Sb. (kybernetický zákon) https://govcert.cz/cs/regulace-a-kontrola/legislativa
rychlý návod… ...jak to alespoň nezkonit
1. infrastruktura automatizace, updates, ops vs. hotové řešení (cloud)
2. data bezpečné algoritmy, minimální práva
3. kód dependency-check, statická analýza, pentesty, ASVS
4. lidi školení, konference, prostor pro učení, red teaming
5. firmy SAMM
jak moc, ne jestli je aplikace bezpečná?
jurri
yukukotani
yosshi4486
seosoft
tk3fftk
contour_gara
nozomutu
bazlur_rahman
syumai
mnch
ukin0k0
taiseiyamamotoan
inesmontani
mayunak
tmiket
mclloyd
pwiseman
marcduiker
helmedeiros
morganepeng
shpigford
smashingmag
apolaine
marktimemedia
