Web Application Security (Bezpečnost webových aplikací)
Jirka "Jurri" Jansa
June 06, 2019
Programming
Web application security, mostly from the OWASP point of view.
Transcript
Web Application Security, Jirka Jansa, 2019

Vulnerabilities: infrastructure, data, code, people, companies

Code vulnerabilities: CVE and CWE catalogs, CVSS score, NVD database https://nvd.nist.gov

Penetration tests

Ethical hacking https://hackerone.com

Red teaming

Prevention

OWASP, The Open Web Application Security Project https://owasp.org

OWASP Top 10: injection, XSS, CSRF, broken authentication, protocol, sensitive data, ... https://github.com/OWASP/Top10

OWASP Juice Shop: an intentionally vulnerable application http://owasp-juice.shop

OWASP OWTF, Offensive Web Testing Framework https://github.com/owtf/owtf

OWASP ASVS, The Application Security Verification Standard https://github.com/OWASP/ASVS

OWASP dependency-check: plugin for Maven, Gradle, Jenkins, SonarQube, ... https://github.com/jeremylong/DependencyCheck

OWASP security guides: testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5

OWASP cheat sheets https://github.com/OWASP/CheatSheetSeries

OWASP SAMM, Software Assurance Maturity Model https://owaspsamm.org

Legislation: primarily Act No. 181/2014 Coll. (the Czech Cyber Security Act) https://govcert.cz/cs/regulace-a-kontrola/legislativa

Quick guide... how to at least not mess it up
1. infrastructure: automation, updates, ops vs. a ready-made solution (cloud)
2. data: secure algorithms, minimal privileges
3. code: dependency-check, static analysis, pentests, ASVS
4. people: training, conferences, room to learn, red teaming
5. companies: SAMM

Ask how secure the application is, not whether it is secure.
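The deck mentions CVSS scores and recommends dependency-check in the build for the "code" step. The following is an added example, not part of the deck and not the project's own configuration: a Maven pom.xml fragment that runs OWASP dependency-check as a build gate and fails the build when a dependency has a published CVE at or above an assumed CVSS threshold. The plugin coordinates, the check goal and the failBuildOnCVSS parameter are real plugin settings; the version is a placeholder and the threshold of 7 (High) is an assumed policy choice.

```xml
<!-- Added example (not from the deck): OWASP dependency-check as a Maven build gate.
     Place inside the <build><plugins> section of pom.xml. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- placeholder: replace with the current plugin release -->
      <version>X.Y.Z</version>
      <configuration>
        <!-- Fail the build when any dependency carries a known CVE with a
             CVSS base score of 7.0 or higher (assumed policy threshold). -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
      </configuration>
      <executions>
        <execution>
          <!-- run the scan on every build, e.g. in the verify phase -->
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place, `mvn verify` downloads the NVD data, matches the project's dependencies against it and stops the pipeline on findings above the threshold; lower-scored findings still appear in the generated report, so they are not lost, only not blocking.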