Jirka "Jurri" Jansa
June 06, 2019
Programming
Web Application Security
Web application security, mainly from the OWASP point of view.
Transcript
Web Application Security, Jirka Jansa, 2019
Vulnerabilities: infrastructure, data, code, people, companies
Code vulnerabilities: CVE catalog, CWE, CVSS score, NVD database https://nvd.nist.gov
Penetration tests
Ethical hacking: https://hackerone.com
Red teaming
Prevention
OWASP, The Open Web Application Security Project: https://owasp.org
OWASP Top 10: injection, XSS, CSRF, broken authentication, protocol, sensitive data, ... https://github.com/OWASP/Top10
OWASP Juice Shop: a deliberately vulnerable application http://owasp-juice.shop
OWASP OWTF: Offensive Web Testing Framework https://github.com/owtf/owtf
OWASP ASVS: The Application Security Verification Standard https://github.com/OWASP/ASVS
OWASP dependency-check: plugin for Maven, Gradle, Jenkins, SonarQube, ... https://github.com/jeremylong/DependencyCheck
OWASP security guides: testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5
OWASP cheat sheets: https://github.com/OWASP/CheatSheetSeries
OWASP SAMM: Software Assurance Maturity Model https://owaspsamm.org
Legislation: primarily Act No. 181/2014 Coll. (the Cybersecurity Act) https://govcert.cz/cs/regulace-a-kontrola/legislativa
Quick guide... ...how to at least not mess it up
1. Infrastructure: automation, updates, ops vs. a ready-made solution (cloud)
2. Data: secure algorithms, minimal privileges
3. Code: dependency-check, static analysis, pentests, ASVS
4. People: training, conferences, room to learn, red teaming
5. Companies: SAMM
Ask how secure the application is, not whether it is secure.
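The dependency-check slide and step 3 of the quick guide name the tool but not how it is wired into a build. The fragment below is an added example, not from the slides, showing the OWASP dependency-check Maven plugin configured to fail the build on any dependency with a known CVE whose CVSS score reaches the High threshold; the plugin version is a placeholder and the suppression file path is an assumed name.

```xml
<!-- Added example, not from the original slides. Runs the OWASP dependency-check
     "check" goal (bound to the verify phase by default) on every build. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>X.Y.Z</version> <!-- placeholder: pin to a current release -->
      <configuration>
        <!-- Fail the build on any finding with CVSS >= 7.0 (High or Critical).
             Without this setting the plugin only reports and the build still passes. -->
        <failBuildOnCVSS>7.0</failBuildOnCVSS>
        <!-- Reviewed false positives are recorded in a versioned file (assumed name),
             so each suppression is visible in code review rather than hidden in CI flags. -->
        <suppressionFiles>
          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The generated report (target/dependency-check-report.html) lists each flagged dependency with its CVE identifiers and CVSS scores from the NVD, which ties the slide's CVE/CVSS/NVD terms to a concrete artifact the team reviews.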