Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Bezpečnost webových aplikací
Search
Jirka "Jurri" Jansa
June 06, 2019
Programming
0
240
Bezpečnost webových aplikací
Bezpečnost webových aplikací převážně pohledem OWASP.
Jirka "Jurri" Jansa
June 06, 2019
Tweet
Share
More Decks by Jirka "Jurri" Jansa
See All by Jirka "Jurri" Jansa
ChatGPT pro produktivitu
jurri
0
48
TM Caffè: Github Copilot
jurri
0
49
Interní DX: Kutil Tim v každém z nás
jurri
0
160
Mob and Pair programming 2021 Edition (CZ)
jurri
0
80
Hardware očima vývojáře aplikací (2021)
jurri
0
65
Testujte svou pravou DB
jurri
0
29
Other Decks in Programming
See All in Programming
Namespace and Its Future
tagomoris
6
700
Azure SRE Agentで運用は楽になるのか?
kkamegawa
0
2.2k
FindyにおけるTakumi活用と脆弱性管理のこれから
rvirus0817
0
510
はじめてのMaterial3 Expressive
ym223
2
370
Testing Trophyは叫ばない
toms74209200
0
870
Putting The Genie in the Bottle - A Crash Course on running LLMs on Android
iurysza
0
140
「待たせ上手」なスケルトンスクリーン、 そのUXの裏側
teamlab
PRO
0
520
個人軟體時代
ethanhuang13
0
320
旅行プランAIエージェント開発の裏側
ippo012
2
910
デザイナーが Androidエンジニアに 挑戦してみた
874wokiite
0
420
How Android Uses Data Structures Behind The Scenes
l2hyunwoo
0
450
1から理解するWeb Push
dora1998
7
1.9k
Featured
See All Featured
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
112
20k
Embracing the Ebb and Flow
colly
87
4.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
920
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
51
5.6k
Speed Design
sergeychernyshev
32
1.1k
Gamification - CAS2011
davidbonilla
81
5.4k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
810
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
358
30k
Transcript
Bezpečnost webových aplikací Jirka Jansa, 2019
zranitelnosti infrastruktura, data, kód, lidi, firmy
zranitelnosti kódu katalog CVE, CWE, skóre CVSS, databáze NVD https://nvd.nist.gov
penetrační testy
ethical hacking https://hackerone.com hacking
red teaming
prevence
OWASP The Open Web Application Security Project https://owasp.org
top 10 injekce, XSS, CSRF, rozbitá autentizace, protokol, citlivá data,
... https://github.com/OWASP/Top10 OWASP
juice shop záměrně děravá aplikace http://owasp-juice.shop OWASP
OWTF Offensive Web Testing Framework https://github.com/owtf/owtf OWASP
ASVS The Application Security Verification Standard https://github.com/OWASP/ASVS OWASP
dependency-check plugin pro maven, gradle, jenkins, sonarqube... https://github.com/jeremylong/DependencyCheck OWASP
security guides testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5 OWASP
cheatsheets https://github.com/OWASP/CheatSheetSeries OWASP
SAMM Software Assurance Maturity Model https://owaspsamm.org OWASP
legislativa především č. 181/2014 Sb. (kybernetický zákon) https://govcert.cz/cs/regulace-a-kontrola/legislativa
rychlý návod… ...jak to alespoň nezkonit
1. infrastruktura automatizace, updates, ops vs. hotové řešení (cloud)
2. data bezpečné algoritmy, minimální práva
3. kód dependency-check, statická analýza, pentesty, ASVS
4. lidi školení, konference, prostor pro učení, red teaming
5. firmy SAMM
jak moc, ne jestli je aplikace bezpečná?
jurri
tagomoris
kkamegawa
rvirus0817
ym223
toms74209200
iurysza
teamlab
ethanhuang13
ippo012
874wokiite
l2hyunwoo
dora1998
marktimemedia
panda_program
colly
chrisshort
irinanazarova
thoeni
denniskardys
reverentgeek
sergeychernyshev
davidbonilla
tammyeverts
bermonpainter
