Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Bezpečnost webových aplikací
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Jirka "Jurri" Jansa
June 06, 2019
Programming
250
0
Share
Bezpečnost webových aplikací
Bezpečnost webových aplikací převážně pohledem OWASP.
Jirka "Jurri" Jansa
June 06, 2019
More Decks by Jirka "Jurri" Jansa
See All by Jirka "Jurri" Jansa
ChatGPT pro produktivitu
jurri
0
66
TM Caffè: Github Copilot
jurri
0
64
Interní DX: Kutil Tim v každém z nás
jurri
0
180
Mob and Pair programming 2021 Edition (CZ)
jurri
0
89
Hardware očima vývojáře aplikací (2021)
jurri
0
75
Testujte svou pravou DB
jurri
0
33
Other Decks in Programming
See All in Programming
tsserverとは何だったのか、これからどうなるのか
nowaki28
1
430
Spec-Driven Development with AI-Agents: From High-Level Requirements to Working Software
antonarhipov
2
430
「エンジニアインターン、どうやって取った?」準備のリアルを語るLT会 Progate BAR
akiomatic
0
110
AIエージェントの隔離技術の徹底比較
kawayu
0
450
Modding RubyKaigi for Myself
yui_knk
0
860
関係性から理解する"同一性"の型用語たち
pvcresin
2
630
Moments When Things Go Wrong
aurimas
3
140
Inspired By RubyKaigi (EN)
atzzcokek
0
500
GitHub Copilot CLIのいいところ
htkym
2
1.2k
Make SRE Operations Easier with Azure SRE Agent
kkamegawa
0
3k
Spec Driven Development | AI Summit Lisbon
danielsogl
PRO
0
120
OSもどきOS
arkw
0
380
Featured
See All Featured
Measuring Dark Social's Impact On Conversion and Attribution
stephenakadiri
2
200
Navigating Team Friction
lara
192
16k
Claude Code のすすめ
schroneko
67
220k
Unsuck your backbone
ammeep
672
58k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.8k
Utilizing Notion as your number one productivity tool
mfonobong
4
310
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
200
74k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Designing for Performance
lara
611
70k
Transcript
Bezpečnost webových aplikací Jirka Jansa, 2019
zranitelnosti infrastruktura, data, kód, lidi, firmy
zranitelnosti kódu katalog CVE, CWE, skóre CVSS, databáze NVD https://nvd.nist.gov
penetrační testy
ethical hacking https://hackerone.com hacking
red teaming
prevence
OWASP The Open Web Application Security Project https://owasp.org
top 10 injekce, XSS, CSRF, rozbitá autentizace, protokol, citlivá data,
... https://github.com/OWASP/Top10 OWASP
juice shop záměrně děravá aplikace http://owasp-juice.shop OWASP
OWTF Offensive Web Testing Framework https://github.com/owtf/owtf OWASP
ASVS The Application Security Verification Standard https://github.com/OWASP/ASVS OWASP
dependency-check plugin pro maven, gradle, jenkins, sonarqube... https://github.com/jeremylong/DependencyCheck OWASP
security guides testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5 OWASP
cheatsheets https://github.com/OWASP/CheatSheetSeries OWASP
SAMM Software Assurance Maturity Model https://owaspsamm.org OWASP
legislativa především č. 181/2014 Sb. (kybernetický zákon) https://govcert.cz/cs/regulace-a-kontrola/legislativa
rychlý návod… ...jak to alespoň nezkonit
1. infrastruktura automatizace, updates, ops vs. hotové řešení (cloud)
2. data bezpečné algoritmy, minimální práva
3. kód dependency-check, statická analýza, pentesty, ASVS
4. lidi školení, konference, prostor pro učení, red teaming
5. firmy SAMM
jak moc, ne jestli je aplikace bezpečná?
jurri
nowaki28
antonarhipov
akiomatic
kawayu
yui_knk
pvcresin
aurimas
.jpeg){kind=avatar}
atzzcokek
htkym
kkamegawa
danielsogl
arkw
stephenakadiri
lara
schroneko
ammeep
samlambert
jcasabona
mfonobong
afnizarnur
soudai
aarron
caitiem20
