Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Bezpečnost webových aplikací
Search
Jirka "Jurri" Jansa
June 06, 2019
Programming
0
250
Bezpečnost webových aplikací
Bezpečnost webových aplikací převážně pohledem OWASP.
Jirka "Jurri" Jansa
June 06, 2019
Tweet
Share
More Decks by Jirka "Jurri" Jansa
See All by Jirka "Jurri" Jansa
ChatGPT pro produktivitu
jurri
0
50
TM Caffè: Github Copilot
jurri
0
50
Interní DX: Kutil Tim v každém z nás
jurri
0
160
Mob and Pair programming 2021 Edition (CZ)
jurri
0
81
Hardware očima vývojáře aplikací (2021)
jurri
0
66
Testujte svou pravou DB
jurri
0
29
Other Decks in Programming
See All in Programming
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
390
monorepo の Go テストをはやくした〜い!~最小の依存解決への道のり~ / faster-testing-of-monorepos
convto
2
500
XP, Testing and ninja testing ZOZ5
m_seki
3
690
Pull-Requestの内容を1クリックで動作確認可能にするワークフロー
natmark
2
520
(Extension DC 2025) Actor境界を越える技術
teamhimeh
1
260
Software Architecture
hschwentner
6
2.3k
Android16 Migration Stories ~Building a Pattern for Android OS upgrades~
reoandroider
0
120
デミカツ切り抜きで面倒くさいことはPythonにやらせよう
aokswork3
0
250
bootcamp2025_バックエンド研修_WebAPIサーバ作成.pdf
geniee_inc
0
110
品質ワークショップをやってみた
nealle
0
460
作って理解するGOCACHEPROG / Go Conference 2025(Workshop)
mazrean
0
100
いま中途半端なSwift 6対応をするより、Default ActorやApproachable Concurrencyを有効にしてからでいいんじゃない?
yimajo
2
430
Featured
See All Featured
Done Done
chrislema
185
16k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
Designing for Performance
lara
610
69k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Scaling GitHub
holman
463
140k
Mobile First: as difficult as doing things right
swwweet
224
10k
Typedesign – Prime Four
hannesfritz
42
2.8k
What's in a price? How to price your products and services
michaelherold
246
12k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.2k
Six Lessons from altMBA
skipperchong
29
4k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Transcript
Bezpečnost webových aplikací Jirka Jansa, 2019
zranitelnosti infrastruktura, data, kód, lidi, firmy
zranitelnosti kódu katalog CVE, CWE, skóre CVSS, databáze NVD https://nvd.nist.gov
penetrační testy
ethical hacking https://hackerone.com hacking
red teaming
prevence
OWASP The Open Web Application Security Project https://owasp.org
top 10 injekce, XSS, CSRF, rozbitá autentizace, protokol, citlivá data,
... https://github.com/OWASP/Top10 OWASP
juice shop záměrně děravá aplikace http://owasp-juice.shop OWASP
OWTF Offensive Web Testing Framework https://github.com/owtf/owtf OWASP
ASVS The Application Security Verification Standard https://github.com/OWASP/ASVS OWASP
dependency-check plugin pro maven, gradle, jenkins, sonarqube... https://github.com/jeremylong/DependencyCheck OWASP
security guides testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5 OWASP
cheatsheets https://github.com/OWASP/CheatSheetSeries OWASP
SAMM Software Assurance Maturity Model https://owaspsamm.org OWASP
legislativa především č. 181/2014 Sb. (kybernetický zákon) https://govcert.cz/cs/regulace-a-kontrola/legislativa
rychlý návod… ...jak to alespoň nezkonit
1. infrastruktura automatizace, updates, ops vs. hotové řešení (cloud)
2. data bezpečné algoritmy, minimální práva
3. kód dependency-check, statická analýza, pentesty, ASVS
4. lidi školení, konference, prostor pro učení, red teaming
5. firmy SAMM
jak moc, ne jestli je aplikace bezpečná?
jurri
ivargrimstad
convto
m_seki
natmark
teamhimeh
hschwentner
reoandroider
aokswork3
geniee_inc
nealle
mazrean
yimajo
chrislema
sstephenson
lara
malarkey
holman
swwweet
hannesfritz
michaelherold
chriscoyier
rmw
skipperchong
rocio
