Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Bezpečnost webových aplikací
Search
Jirka "Jurri" Jansa
June 06, 2019
Programming
0
250
Bezpečnost webových aplikací
Bezpečnost webových aplikací převážně pohledem OWASP.
Jirka "Jurri" Jansa
June 06, 2019
Tweet
Share
More Decks by Jirka "Jurri" Jansa
See All by Jirka "Jurri" Jansa
ChatGPT pro produktivitu
jurri
0
56
TM Caffè: Github Copilot
jurri
0
53
Interní DX: Kutil Tim v každém z nás
jurri
0
180
Mob and Pair programming 2021 Edition (CZ)
jurri
0
85
Hardware očima vývojáře aplikací (2021)
jurri
0
73
Testujte svou pravou DB
jurri
0
31
Other Decks in Programming
See All in Programming
猫の手も借りたい!ので AIエージェント猫を作って社内に放した話 Claude Code × Container Lambda の Slack Bot "DevNeko"
naramomi7
0
270
TipKitTips
ktcryomm
0
170
Windows on Ryzen and I
seosoft
0
300
AHC061解説
shun_pi
0
380
AWS Infrastructure as Code の新機能 2025 総まとめ 〜SA 4人による怒涛のデモ祭り〜
konokenj
10
3.4k
Unity6.3 AudioUpdate
cova8bitdots
0
140
ふつうの Rubyist、ちいさなデバイス、大きな一年
bash0c7
0
970
守る「だけ」の優しいEMを抜けて、 事業とチームを両方見る視点を身につけた話
maroon8021
3
980
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
580
GC言語のWasm化とComponent Modelサポートの実践と課題 - Scalaの場合
tanishiking
0
110
Swift ConcurrencyでよりSwiftyに
yuukiw00w
0
270
Takumiから考えるSecurity_Maturity_Model.pdf
gessy0129
1
150
Featured
See All Featured
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
350
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
141
35k
The Invisible Side of Design
smashingmag
302
51k
The Mindset for Success: Future Career Progression
greggifford
PRO
0
280
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
990
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
9.9k
Speed Design
sergeychernyshev
33
1.6k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
4k
Darren the Foodie - Storyboard
khoart
PRO
3
2.9k
Music & Morning Musume
bryan
47
7.1k
Test your architecture with Archunit
thirion
1
2.2k
Google's AI Overviews - The New Search
badams
0
930
Transcript
Bezpečnost webových aplikací Jirka Jansa, 2019
zranitelnosti infrastruktura, data, kód, lidi, firmy
zranitelnosti kódu katalog CVE, CWE, skóre CVSS, databáze NVD https://nvd.nist.gov
penetrační testy
ethical hacking https://hackerone.com hacking
red teaming
prevence
OWASP The Open Web Application Security Project https://owasp.org
top 10 injekce, XSS, CSRF, rozbitá autentizace, protokol, citlivá data,
... https://github.com/OWASP/Top10 OWASP
juice shop záměrně děravá aplikace http://owasp-juice.shop OWASP
OWTF Offensive Web Testing Framework https://github.com/owtf/owtf OWASP
ASVS The Application Security Verification Standard https://github.com/OWASP/ASVS OWASP
dependency-check plugin pro maven, gradle, jenkins, sonarqube... https://github.com/jeremylong/DependencyCheck OWASP
security guides testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5 OWASP
cheatsheets https://github.com/OWASP/CheatSheetSeries OWASP
SAMM Software Assurance Maturity Model https://owaspsamm.org OWASP
legislativa především č. 181/2014 Sb. (kybernetický zákon) https://govcert.cz/cs/regulace-a-kontrola/legislativa
rychlý návod… ...jak to alespoň nezkonit
1. infrastruktura automatizace, updates, ops vs. hotové řešení (cloud)
2. data bezpečné algoritmy, minimální práva
3. kód dependency-check, statická analýza, pentesty, ASVS
4. lidi školení, konference, prostor pro učení, red teaming
5. firmy SAMM
jak moc, ne jestli je aplikace bezpečná?
jurri
naramomi7
ktcryomm
seosoft
shun_pi
konokenj
cova8bitdots
bash0c7
maroon8021
ivargrimstad
tanishiking
yuukiw00w
gessy0129
marktimemedia
eileencodes
smashingmag
greggifford
tamaranovitovic
aleyda
sergeychernyshev
productmarketing
khoart
bryan
thirion
badams
