Bezpečnost webových aplikací (Web Application Security)
Jirka "Jurri" Jansa
June 06, 2019
Programming
Web application security, mainly from the OWASP point of view.
Transcript
Web Application Security. Jirka Jansa, 2019
vulnerabilities: infrastructure, data, code, people, companies
code vulnerabilities: CVE and CWE catalogues, CVSS score, NVD database https://nvd.nist.gov
penetration tests
ethical hacking https://hackerone.com
red teaming
prevention
OWASP, The Open Web Application Security Project https://owasp.org
Top 10: injection, XSS, CSRF, broken authentication, logging, sensitive data, ... https://github.com/OWASP/Top10
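As an added example (not code from the deck, from OWASP, or from the author), the first two Top 10 items side by side in Python: a login check that is open to SQL injection next to its parameterized form, and an HTML greeting that reflects input unescaped next to its output-encoded form. The in-memory table, its rows and the attack strings are constructed for the demonstration; the function names are chosen here.

```python
import html
import sqlite3


def make_db():
    """In-memory user table with constructed sample rows (not real data).

    Passwords are stored in clear text only so the injection stays visible;
    ASVS requires a salted password hash (bcrypt/argon2) in real code."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, user, password):
    """Injection: user input is spliced into the SQL text, so it can add
    SQL syntax, e.g. a comment marker that removes the password check."""
    query = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
             % (user, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, user, password):
    """Same check with bound parameters: the driver sends the values
    separately from the statement, so they can never become SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (user, password)).fetchone()[0] > 0


def greeting_vulnerable(name):
    """Reflected XSS: attacker-controlled text lands in HTML unescaped."""
    return "<p>Hello, %s!</p>" % name


def greeting_safe(name):
    """Output encoding for an HTML text context. Attribute, URL and
    JavaScript contexts need their own encoders (OWASP XSS cheat sheet)."""
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


# Constructed attack inputs used by the demonstration below.
SQLI_USER = "alice' --"          # closes the string literal, comments out the rest
XSS_NAME = "<script>alert(1)</script>"


def demo():
    """Run both attacks against both variants; True means the attack worked."""
    conn = make_db()
    return {
        "sqli_vulnerable": login_vulnerable(conn, SQLI_USER, "wrong"),
        "sqli_safe": login_safe(conn, SQLI_USER, "wrong"),
        "xss_vulnerable": "<script>" in greeting_vulnerable(XSS_NAME),
        "xss_safe": "<script>" in greeting_safe(XSS_NAME),
    }


if __name__ == "__main__":
    for check, attack_worked in demo().items():
        print(check, attack_worked)
```

The injected username turns the vulnerable query into `... WHERE name = 'alice' --' AND password = 'wrong'`, so the password clause is commented away and the login succeeds with any password; the parameterized variant compares the literal string `alice' --` against the name column and finds nothing.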
Juice Shop, an intentionally vulnerable application http://owasp-juice.shop
OWTF, Offensive Web Testing Framework https://github.com/owtf/owtf
ASVS, The Application Security Verification Standard https://github.com/OWASP/ASVS
dependency-check, plugin for Maven, Gradle, Jenkins, SonarQube, ... https://github.com/jeremylong/DependencyCheck
security guides: testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5
cheat sheets https://github.com/OWASP/CheatSheetSeries
SAMM, Software Assurance Maturity Model https://owaspsamm.org
legislation: primarily Act No. 181/2014 Coll. (the Czech Cyber Security Act) https://govcert.cz/cs/regulace-a-kontrola/legislativa
quick guide... ...how to at least not mess it up
1. infrastructure: automation, updates, running it yourself vs. a managed solution (cloud)
2. data: secure algorithms, least privilege
3. code: dependency-check, static analysis, pentests, ASVS
4. people: training, conferences, room to learn, red teaming
5. companies: SAMM
the question is how secure the application is, not whether it is secure