Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Bezpečnost webových aplikací
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Jirka "Jurri" Jansa
June 06, 2019
Programming
0
250
Bezpečnost webových aplikací
Bezpečnost webových aplikací převážně pohledem OWASP.
Jirka "Jurri" Jansa
June 06, 2019
Tweet
Share
More Decks by Jirka "Jurri" Jansa
See All by Jirka "Jurri" Jansa
ChatGPT pro produktivitu
jurri
0
55
TM Caffè: Github Copilot
jurri
0
53
Interní DX: Kutil Tim v každém z nás
jurri
0
170
Mob and Pair programming 2021 Edition (CZ)
jurri
0
85
Hardware očima vývojáře aplikací (2021)
jurri
0
72
Testujte svou pravou DB
jurri
0
31
Other Decks in Programming
See All in Programming
LLM Observabilityによる 対話型音声AIアプリケーションの安定運用
gekko0114
2
430
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
tetutetu214
2
120
ノイジーネイバー問題を解決する 公平なキューイング
occhi
0
110
要求定義・仕様記述・設計・検証の手引き - 理論から学ぶ明確で統一された成果物定義
orgachem
PRO
1
160
Raku Raku Notion 20260128
hareyakayuruyaka
0
340
CSC307 Lecture 07
javiergs
PRO
1
550
Fluid Templating in TYPO3 14
s2b
0
130
CSC307 Lecture 09
javiergs
PRO
1
840
AI Agent の開発と運用を支える Durable Execution #AgentsInProd
izumin5210
7
2.3k
izumin5210のプロポーザルのネタ探し #tskaigi_msup
izumin5210
1
130
AIエージェントのキホンから学ぶ「エージェンティックコーディング」実践入門
masahiro_nishimi
5
470
責任感のあるCloudWatchアラームを設計しよう
akihisaikeda
3
180
Featured
See All Featured
Claude Code のすすめ
schroneko
67
210k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
180
The Art of Programming - Codeland 2020
erikaheidi
57
14k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
7.9k
How to Ace a Technical Interview
jacobian
281
24k
Design in an AI World
tapps
0
140
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
0
180
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
69
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
1k
Principles of Awesome APIs and How to Build Them.
keavy
128
17k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
450
GraphQLとの向き合い方2022年版
quramy
50
14k
Transcript
Bezpečnost webových aplikací Jirka Jansa, 2019
zranitelnosti infrastruktura, data, kód, lidi, firmy
zranitelnosti kódu katalog CVE, CWE, skóre CVSS, databáze NVD https://nvd.nist.gov
penetrační testy
ethical hacking https://hackerone.com hacking
red teaming
prevence
OWASP The Open Web Application Security Project https://owasp.org
top 10 injekce, XSS, CSRF, rozbitá autentizace, protokol, citlivá data,
... https://github.com/OWASP/Top10 OWASP
juice shop záměrně děravá aplikace http://owasp-juice.shop OWASP
OWTF Offensive Web Testing Framework https://github.com/owtf/owtf OWASP
ASVS The Application Security Verification Standard https://github.com/OWASP/ASVS OWASP
dependency-check plugin pro maven, gradle, jenkins, sonarqube... https://github.com/jeremylong/DependencyCheck OWASP
security guides testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5 OWASP
cheatsheets https://github.com/OWASP/CheatSheetSeries OWASP
SAMM Software Assurance Maturity Model https://owaspsamm.org OWASP
legislativa především č. 181/2014 Sb. (kybernetický zákon) https://govcert.cz/cs/regulace-a-kontrola/legislativa
rychlý návod… ...jak to alespoň nezkonit
1. infrastruktura automatizace, updates, ops vs. hotové řešení (cloud)
2. data bezpečné algoritmy, minimální práva
3. kód dependency-check, statická analýza, pentesty, ASVS
4. lidi školení, konference, prostor pro učení, red teaming
5. firmy SAMM
jak moc, ne jestli je aplikace bezpečná?
jurri
gekko0114
tetutetu214
occhi
orgachem
hareyakayuruyaka
javiergs
s2b
izumin5210
masahiro_nishimi
akihisaikeda
schroneko
davetheseo
erikaheidi
eileencodes
jacobian
tapps
apolaine
ryanjones
tammyeverts
keavy
baasie
quramy
