Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Bezpečnost webových aplikací
Search
Jirka "Jurri" Jansa
June 06, 2019
Programming
0
250
Bezpečnost webových aplikací
Bezpečnost webových aplikací převážně pohledem OWASP.
Jirka "Jurri" Jansa
June 06, 2019
Tweet
Share
More Decks by Jirka "Jurri" Jansa
See All by Jirka "Jurri" Jansa
ChatGPT pro produktivitu
jurri
0
55
TM Caffè: Github Copilot
jurri
0
52
Interní DX: Kutil Tim v každém z nás
jurri
0
170
Mob and Pair programming 2021 Edition (CZ)
jurri
0
83
Hardware očima vývojáře aplikací (2021)
jurri
0
69
Testujte svou pravou DB
jurri
0
31
Other Decks in Programming
See All in Programming
Context is King? 〜Verifiability時代とコンテキスト設計 / Beyond "Context is King"
rkaga
10
1.3k
안드로이드 9년차 개발자, 프론트엔드 주니어로 커리어 리셋하기
maryang
1
120
Integrating WordPress and Symfony
alexandresalome
0
160
WebRTC、 綺麗に見るか滑らかに見るか
sublimer
1
190
WebRTC と Rust と 8K 60fps
tnoho
2
2k
複数人でのCLI/Infrastructure as Codeの暮らしを良くする
shmokmt
5
2.3k
SwiftUIで本格音ゲー実装してみた
hypebeans
0
400
愛される翻訳の秘訣
kishikawakatsumi
3
330
FluorTracer / RayTracingCamp11
kugimasa
0
230
Cell-Based Architecture
larchanjo
0
130
モデル駆動設計をやってみよう ワークショップ開催報告(Modeling Forum2025) / model driven design workshop report
haru860
0
270
宅宅自以為的浪漫:跟 AI 一起為自己辦的研討會寫一個售票系統
eddie
0
510
Featured
See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.7k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.8k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
37
2.6k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
Optimising Largest Contentful Paint
csswizardry
37
3.5k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
61k
Writing Fast Ruby
sferik
630
62k
Bash Introduction
62gerente
615
210k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.3k
Art, The Web, and Tiny UX
lynnandtonic
304
21k
Transcript
Bezpečnost webových aplikací Jirka Jansa, 2019
zranitelnosti infrastruktura, data, kód, lidi, firmy
zranitelnosti kódu katalog CVE, CWE, skóre CVSS, databáze NVD https://nvd.nist.gov
penetrační testy
ethical hacking https://hackerone.com hacking
red teaming
prevence
OWASP The Open Web Application Security Project https://owasp.org
top 10 injekce, XSS, CSRF, rozbitá autentizace, protokol, citlivá data,
... https://github.com/OWASP/Top10 OWASP
juice shop záměrně děravá aplikace http://owasp-juice.shop OWASP
OWTF Offensive Web Testing Framework https://github.com/owtf/owtf OWASP
ASVS The Application Security Verification Standard https://github.com/OWASP/ASVS OWASP
dependency-check plugin pro maven, gradle, jenkins, sonarqube... https://github.com/jeremylong/DependencyCheck OWASP
security guides testing, developer, code review, ... https://github.com/OWASP/OWASP-Testing-Guide-v5 OWASP
cheatsheets https://github.com/OWASP/CheatSheetSeries OWASP
SAMM Software Assurance Maturity Model https://owaspsamm.org OWASP
legislativa především č. 181/2014 Sb. (kybernetický zákon) https://govcert.cz/cs/regulace-a-kontrola/legislativa
rychlý návod… ...jak to alespoň nezkonit
1. infrastruktura automatizace, updates, ops vs. hotové řešení (cloud)
2. data bezpečné algoritmy, minimální práva
3. kód dependency-check, statická analýza, pentesty, ASVS
4. lidi školení, konference, prostor pro učení, red teaming
5. firmy SAMM
jak moc, ne jestli je aplikace bezpečná?
jurri
rkaga
maryang
alexandresalome
sublimer
tnoho
shmokmt
hypebeans
kishikawakatsumi
kugimasa
larchanjo
haru860
eddie
bluesmoon
jlugia
mongodb
eileencodes
afnizarnur
csswizardry
lemiorhan
sferik
62gerente
jeffersonlam
sergeychernyshev
lynnandtonic
