Web Application Security (Bezpečnost webových aplikací)
Jirka "Jurri" Jansa
June 06, 2019
Web application security, mostly from the OWASP point of view.
Transcript
Web Application Security, Jirka Jansa, 2019

Vulnerabilities live in: infrastructure, data, code, people, companies.

Code vulnerabilities: the CVE catalog (individual vulnerabilities), CWE (weakness classes), the CVSS score (severity), the NVD database https://nvd.nist.gov

Hacking: penetration tests; ethical hacking (bug-bounty platforms such as https://hackerone.com); red teaming.

Prevention.

OWASP, The Open Web Application Security Project https://owasp.org

OWASP Top 10: injection, XSS, CSRF, broken authentication, logging (Czech "protokol"), sensitive data, ... https://github.com/OWASP/Top10
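The injection entry above, as an added example that is not part of the deck: a login check whose SQL is built by string formatting, next to the parameterised form, run against a constructed in-memory SQLite table. The users and passwords are made up; passwords are kept in clear only to keep the injection demo short.

```python
"""Added example: SQL injection in a login check, vulnerable vs. parameterised.

The user table and credentials below are constructed sample data; passwords are
stored in clear only to keep the injection demo short (never do that in a real app).
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory user table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Injectable: user input is spliced into the SQL text, so quotes and
    comment markers in the input change the query's structure."""
    query = (
        "SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised: the driver binds the values separately from the SQL text,
    so the input is always treated as data, never as query syntax."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Two classic payloads: a tautology in the password field, and a comment marker
# in the username field that cuts the password condition off entirely.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'--"


def demo() -> dict:
    """Run both implementations against legitimate and hostile input."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "correct horse"),
        "legit_hard": login_hardened(conn, "alice", "correct horse"),
        # password = '' OR '1'='1'  -> the WHERE clause is always true
        "tautology_vuln": login_vulnerable(conn, "alice", TAUTOLOGY),
        "tautology_hard": login_hardened(conn, "alice", TAUTOLOGY),
        # username = 'alice'--' AND password = '...'  -> the rest is a comment
        "comment_vuln": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "comment_hard": login_hardened(conn, COMMENT_OUT, "wrong"),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:15} login accepted: {accepted}")
```

Both payloads log in as alice without her password through login_vulnerable and are rejected by login_hardened; the fix is the placeholder and the bound tuple, not escaping of quotes in the application code.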
OWASP Juice Shop: a deliberately vulnerable application to practise on http://owasp-juice.shop
OWASP OWTF, Offensive Web Testing Framework https://github.com/owtf/owtf
OWASP ASVS, the Application Security Verification Standard https://github.com/OWASP/ASVS
OWASP dependency-check: plugin for Maven, Gradle, Jenkins, SonarQube, ... https://github.com/jeremylong/DependencyCheck
OWASP security guides: testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5
OWASP Cheat Sheet Series https://github.com/OWASP/CheatSheetSeries
OWASP SAMM, Software Assurance Maturity Model https://owaspsamm.org

Legislation: primarily Act No. 181/2014 Coll. (the Czech Cyber Security Act) https://govcert.cz/cs/regulace-a-kontrola/legislativa

Quick guide... how to at least not mess it up:
1. infrastructure: automation, updates, running ops yourself vs. a ready-made solution (cloud)
2. data: secure algorithms, minimal privileges
3. code: dependency-check, static analysis, pentests, ASVS
4. people: training, conferences, room for learning, red teaming
5. companies: SAMM

The question is how secure the application is, not whether it is secure.
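Step 2 of the guide ("secure algorithms" for data) together with the broken-authentication and sensitive-data entries of the Top 10, as an added example that is not from the deck: password storage with unsalted MD5 next to salted PBKDF2-HMAC-SHA256 and a constant-time comparison. The iteration count and the record format are assumptions made for this demo.

```python
"""Added example: password storage, unsalted MD5 next to salted PBKDF2-HMAC-SHA256
with a constant-time comparison. The iteration count and the stored-record layout
are assumed demo values, not something from the deck."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumption for the demo; tune to your hardware and current OWASP guidance
ALGO = "pbkdf2_sha256"


def weak_hash(password: str) -> str:
    """What not to do: unsalted, fast, one round. Equal passwords give equal
    hashes, so a leaked table cracks with a precomputed lookup."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return '<algo>$<iterations>$<salt hex>$<digest hex>' with a fresh random salt.

    Storing the parameters next to the digest lets you raise ITERATIONS later
    and re-hash each user transparently at their next successful login."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: reject, do not raise
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    """Two users with the same password, checked under both schemes."""
    alice, bob = hash_password("correct horse"), hash_password("correct horse")
    return {
        "md5_identical": weak_hash("correct horse") == weak_hash("correct horse"),
        "pbkdf2_differ": alice != bob,
        "accepts_correct": verify_password("correct horse", alice),
        "rejects_wrong": not verify_password("Correct horse", alice),
        "rejects_malformed": not verify_password("correct horse", "not-a-record"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} {ok}")
```

hmac.compare_digest is used instead of == so that a mismatch takes the same time regardless of where the first differing byte is; the per-user random salt is what makes the two PBKDF2 records for the same password differ, which the MD5 column cannot offer.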