੬ऑੑͱԿ͔ w ίϯϐϡʔλͷ04ιϑτΣΞʹ͓͍ͯɺϓϩάϥϜͷෆ۩߹ઃܭ্ͷϛε͕ݪ Ҽͱͳͬͯൃੜͨ͠ใηΩϡϦςΟ্ͷܽؕ w IUUQXXXTPVNVHPKQNBJO@TPTJLJKPIP@UTVTJOTFDVSJUZCBTJDSJTL IUNM w ཁѱ༻Մೳͳόά w 8FCαΠτͷ༰Λॻ͖͑Δ w ൿಗ͖͢ใͷ࿙Ӯ w νʔτɺΓ͢·͠ͳͲ w ଞਓ͘͠αʔϏεʹةΛՃ͑Δ͜ͱ͕Ͱ͖Δ w ৴༻ΛࣦͬͨΓɺۚમతଛࣦͷิరͳͲ
ҙࣄ߲ ˖ 盖鱥㢩ך،فٔ؛٦ءّٝח窫㼎余䷼׃זְ w #VH#PVOUZ੍ w IBDLFSPOFɿIUUQTXXXIBDLFSPOFDPN w $ZCP[V੬ऑੑใ੍ۚ w ͠ݟ͚ͭͨΒ*1"ʹใࠂ͠Α͏ w IUUQTXXXJQBHPKQTFDVSJUZWVMOSFQPSU
8FCΞϓϦέʔγϣϯஅͬͯʁ w 8FCΞϓϦέʔγϣϯʹରͯ͠߈ܸऀࢹͰ੬ऑੑΛݟ͚ͭΔ w ରͷѲɺݟੵΓ ˖ خ٦ٕד鏺倖׃אאծخ٦ٕדכ嗚⳿♶〳腉ז鏺倖䩛⹛ד ˖ 䕦갟װⱄ植倯岀זוחאְג㜠デ剅⡲䧭 w ݟΔ߲ w IUUQTJFSBFDPKQTFSWJDFXFCBQQMJDBUJPO w ͜͜ʹهࡌ͕ͳ͍ͷ֬ೝ͠·͢
੬ऑੑஅνϡʔτϦΞϧ w ϢʔβʔొɺϩάΠϯɺϙετͷߘɺฤूɺআͳͲΛͬͯΈΑ͏ w ֤छૢ࡞Λͨ͠ͱ͖ʹ w ͲΜͳϝιουΛ͍ͬͯΔ͔ʁ w ͲΜͳύϥϝʔλΛૹ৴͍ͯ͠Δ͔ʁύϥϝʔλͷҙຯʁ w ͲΜͳϨεϙϯε͕ฦ͍ͬͯΔ͔ʁ w ͳͲʹ͠Α͏ w &Y ϩάΠϯͰ1045ϝιουΛͬͯɺೝূΛ͍ͯ͠ΔɻϦμΠϨΫτͰϩάΠϯޙ τοϓʹϦμΠϨΫτ͞ΕΔɻ ˖ 兛媮⢪欽׃גְػأٙ٦سװꅾ銲ז䞔㜠כ剅ֹ鴥תזְ״ֲח孡אֽגְֻׁ
੬ऑੑஅνϡʔτϦΞϧ w ݖݶ֎ૢ࡞ w ηογϣϯΛݟ͍ͯͳ͍ͷͰύϥϝʔλΛมߋ͢ΔͱɺҙͷϢʔβʔͰϙετΛ ࡞Ͱ͖Δ w 944 w ѱҙ͋Δ+BWB4DSJQUͷ࣮ߦِใͷදࣔ w $43' w ඃऀͷݖݶͰ֬ఆॲཧ͕࣮ߦ͞ΕΔ w 42-ΠϯδΣΫγϣϯ w 42-จͷෆਖ਼ͳվมʹΑΔใ࿙͍͑ͳͲ
੬ऑੑஅνϡʔτϦΞϧ ˖ 埄ꣲ㢩乼⡲ ˖ إحءّٝ鋅גְזְךדػًٓ٦ة㢌刿ׅהծ⟣䠐ךِ٦ؠ٦דهأز ⡲䧭דֹ w 944 w ѱҙ͋Δ+BWB4DSJQUͷ࣮ߦِใͷදࣔ w $43' w ඃऀͷݖݶͰ֬ఆॲཧ͕࣮ߦ͞ΕΔ w 42-ΠϯδΣΫγϣϯ w 42-จͷෆਖ਼ͳվมʹΑΔใ࿙͍͑ͳͲ
ηογϣϯ*%ͰؾΛ͚ͭΔ͜ͱ w ηογϣϯ*%ୈऀ͕༧ଌෆՄೳͳͷͰ͋Δ͜ͱ w ηογϣϯ*%Λ63-ʹؚΊͳ͍ w IUUQTFYBNQMFDPNNZQBHF KTFTTJPOJEBCDEFGH w 3FGFSFSʹΑͬͯϦϯΫઌͷ63-ૹ৴͞ΕΔ w ϩάΠϯޭޙʹηογϣϯ*%Λ৽͘͠ൃߦ͢Δ w 4FTTJPO'JYBUJPO ηογϣϯݻఆԽ߈ܸʣ w )5514௨৴Ͱར༻͢Δ߹TFDVSFଐੑΛ͚ͭΔ w )551௨৴Ͱૹ৴͠ͳ͍Α͏ʹ͢Δ͜ͱͰ౪ௌʹΑΔෆਖ਼औΛ͙
੬ऑੑஅνϡʔτϦΞϧ w ݖݶ֎ૢ࡞ w ηογϣϯΛݟ͍ͯͳ͍ͷͰύϥϝʔλΛมߋ͢ΔͱɺҙͷϢʔβʔͰϙετΛ ࡞Ͱ͖Δ ˖ 944 ˖ 䝤䠐֮+BWB4DSJQUך㹋遤װ⩝䞔㜠ך邌爙 w $43' w ඃऀͷݖݶͰ֬ఆॲཧ͕࣮ߦ͞ΕΔ w 42-ΠϯδΣΫγϣϯ w 42-จͷෆਖ਼ͳվมʹΑΔใ࿙͍͑ͳͲ
944ͷӨڹ Өڹɿ+BWB4DSJQUדדֹֿה͑944דדֹֿה w ηογϣϯΛ౪·ΕͯΓ͢·͠ඃʹ߹͏ w ෆਖ਼ͳ+BWB4DSJQU͕ಈ࡞͠ɺΞϓϦέʔγϣϯͷػೳΛѱ༻͞ΕΔ w ِͷϑΥʔϜΛ࡞Γग़͢ͳͲͯ͠ɺϑΟογϯάʹ߹͏ w ѱ࣭ͳϖʔδϦμΠϨΫτ ൃੜՕॴɿ)5.-+BWB4DSJQUΛੜ͍ͯ͠Δͱ͜Ζ
3BJMTͩͱ w ҆ʹग़ྗͯ͠μϝɻIUUQͱIUUQTͳͲͷΈʹ੍ݶΛ͔͚Δɻ w KBWBTDSJQUEBUBͳͲΛڐՄ͠ͳ͍Α͏ʹϗϫΠτϦετͰ੍ݶ // Bad <%= link_to link, link %> <%= link %> // Good <%= sanitize link_to link, link %> w Τεέʔϓͷ࣮ w IUUQTHJUIVCDPNSBJMTSBJMTCMPCNBTUFSBDUJWFTVQQPSUMJC BDUJWF@TVQQPSUDPSF@FYUTUSJOHPVUQVU@TBGFUZSC w IUUQBQJSVCZPOSBJMTPSHDMBTTFT"DUJPO7JFX)FMQFST4BOJUJ[F)FMQFSIUNM
944ରࡦେม w έʔεόΠέʔεʹͳΓ͕ͪ w ಛఆͷ)5.-λάϢʔβʔೖྗ$44ΛڐՄ͍ͨ͠ w TWHPOMPBEBMFSU
w QTUZMFYFYQSFTTJPO BMFSU
w .BSLEPXOͦͷଞͷϚʔΫΞοϓݴޠΛ)5.-ϨϯμϦϯά͍ͨ͠ w KBWBTDSJQUBMFSU
w IUUQTIBDLFSPOFDPNSFQPSUT w ҆શͳΣϒαΠτͷ࡞ΓํΫϩεαΠτεΫϦϓςΟϯά w IUUQTXXXJQBHPKQpMFTQEGQBHF w %0.ϕʔε944ରࡦνʔτγʔτ w IUUQTKQDFSUDDHJUIVCJP08"41EPDVNFOUT$IFBU4IFFUT%0.CBTFE9441SFWFOUJPOIUNM "> [example.com](javascript:alert(1))
؇తରࡦ w ੬ऑੑଘࡏ͢Δ͚Ͳɺѱ༻͕͍͠Ϩϕϧʹམͱ͠ࠐΉ ˖ $PPLJFךIUUQPOMZ㾩䚍 w +BWB4DSJQU͔Β$PPLJFΛ৮Εͳͯ͘͠ɺηογϣϯϋΠδϟοΫ͔ΒकΔ ˖ 99441SPUFDUJPOقحت٦ w ϒϥβͷ944ݕɾࢭػೳ ˖ $41$POUFOU4FDVSJUZ1PMJDZ
੬ऑੑஅνϡʔτϦΞϧ w ݖݶ֎ૢ࡞ w ηογϣϯΛݟ͍ͯͳ͍ͷͰύϥϝʔλΛมߋ͢ΔͱɺҙͷϢʔβʔͰϙετΛ ࡞Ͱ͖Δ w 944 w ѱҙ͋Δ+BWB4DSJQUͷ࣮ߦِใͷදࣔ ˖ $43' ˖ 鄃㹱罏ך埄ꣲד然㹀Ⳣ椚ָ㹋遤ׁ w 42-ΠϯδΣΫγϣϯ w 42-จͷෆਖ਼ͳվมʹΑΔใ࿙͍͑ͳͲ
ݪҼ w 8FCͷಛੑΛ׆͔ͨ͠੬ऑੑ w GPSNͷૹ৴ઌͲͷυϝΠϯͰ0, w FWJMDPNͷϖʔδ͚ͩͲFYBNQMFDPNʹૹ৴Ͱ͖Δ w ͦͷࡍɺ$PPLJFରͷαΠτʹࣗಈతʹૹ৴͞ΕΔ w ਖ਼نʢར༻ऀ͕ҙਤͨ͠ʣϦΫΤετͰ͋Δ͜ͱΛ֬ೝ͢Δ w $43'τʔΫϯͷຒΊࠐΈ w 3FGFSFSͷνΣοΫʢ߹ʹΑͬͯૹ৴͞Εͳ͍ͷͰʣ
$43'ରࡦ w 3BJMTͳͲͷ࠷ۙͷϑϨʔϜϫʔΫͰσϑΥϧτͰ༗ޮ w ϑΥʔϜ࡞࣌ʹࣗಈͰຒΊࠐ·ΕɺνΣοΫͯ͘͠ΕΔ w IUUQTHJUIVCDPNSBJMTSBJMTCMPCNBTUFSBDUJPOQBDL MJCBDUJPO@DPOUSPMMFSNFUBM SFRVFTU@GPSHFSZ@QSPUFDUJPOSC w IUUQUBLBHJIJSPNJUTVKQEJBSZIUNM
w 3BJMTͰ+BWB4DSJQUͬͯ1045͍ͨ͠ΜͰ͕͢ <% form_for @post, remote: true do |f| %> w NFUBλάͷ$43'τʔΫϯΛ9$43'5PLFOϔομʹηοτ w IUUQTHJUIVCDPNSBJMTKRVFSZSBJMTCMPCNBTUFSWFOEPS BTTFUTKBWBTDSJQUTKRVFSZ@VKTKT- X-CSRF-Token: KvDjn0XOpeK2dXiJ0sKXMzFYmnfQrkoY... w %KBOHPIUUQTEPDTEKBOHPQSPKFDUDPNFOSFGDTSGBKBY
ͱ͍͑ɺ࣌41" w Ͳ͏ͬͯ$43'ରࡦ͢Ε͍͍Ͱ͔͢ w ಠࣗϔομΛ্͚ͭͨͰɺ015*0/4ʹԠ͠ͳ͍ w ࣮ࡍͷॲཧͷલʹ1SFqJHIU͕ඈͿ w +85Ͱೝূͯ͠ϔομͰεςʔτϨεͳঢ়ଶͰ w MPDBM4UPSBHFʹอଘ͢Δ͜ͱ͕ଟ͍ ͕ɺવIUUQ0OMZͷΑ͏ͳػೳແ͍ͷ Ͱؾ߹Ͱ944Λ௵͞ͳ͚ΕͳΒͳ͍ w IUUQEIBUFOBOFKQIBTFHBXBZPTVLFQ w 0SJHJO͕ਖ਼͍͠63-Ͱ͋Γɺ9'SPN͕͋Δ͜ͱ w 0SJHJO͕ਖ਼͍͠9)33FRVFTU8JUI͕͋Δ IUUQTXXXPXBTQPSHJOEFYQIQ$SPTT4JUF@3FRVFTU@'PSHFSZ@ $43' @1SFWFOUJPO@$IFBU@4IFFU1SPUFDUJOH@3&45@4FSWJDFT@6TF@PG@$VTUPN@3FRVFTU@)FBEFST
੬ऑੑஅνϡʔτϦΞϧ w ݖݶ֎ૢ࡞ w ηογϣϯΛݟ͍ͯͳ͍ͷͰύϥϝʔλΛมߋ͢ΔͱɺҙͷϢʔβʔͰϙετΛ࡞ Ͱ͖Δ w 944 w ѱҙ͋Δ+BWB4DSJQUͷ࣮ߦِใͷදࣔ w $43' w ඃऀͷݖݶͰ֬ఆॲཧ͕࣮ߦ͞ΕΔ ˖ 42-؎ٝآؙؑءّٝ ˖ 42-俑ך♶姻ז何㢌ח״䞔㜠怩ְִזו
42-ΠϯδΣΫγϣϯ SELECT * FROM post WHERE title LIKE '%#{title}%' // #{title} = "title" SELECT * FROM post WHERE title LIKE 'title' // #{title} = "O'Reilly" SELECT * FROM post WHERE title LIKE 'O'Reilly' // #{title} = "title'; DELETE FROM post;-- " SELECT * FROM post WHERE title LIKE 'title'; DELETE FROM post;-- OBNFVTFS03QBTT 4&-&$5'30.VTFS 8)&3&OBNFVTFS03"/%QBTTXPSE -PHJO4VDDFTT
࣮ࡍͷஅ w 42-ΠϯδΣΫγϣϯͦͷੑ্࣭ɺσʔλϕʔεͷফڈͳͲͷՄೳੑ ͕͋ΔͷͰɺ৻ॏʹߦΘͳ͚ΕͳΒͳ͍ w ؾܰʹ8FCαΠτͰࢼ͞ͳ͍ํ͕͍͍ w 42-ΠϯδΣΫγϣϯ͕͋Δͱ͔Εྑ͍ͷͰɺग़དྷΔݶΓ҆શͳํ ๏ͰݕࠪΛߦ͏ w 5SVF'BMTF w ԋࢉɺจࣈྻ࿈݁ w TMFFQͳͲൺֱత҆શͳؔ
ʢͰ͖Δ͚ͩʣ҆શͳݕࠪ w ʮ"/% ʯͰݕࡧ w ʮ"/% ʯͰݕࡧ SELECT * FROM posts WHERE (title = 'hoge' AND 1=1)-- SELECT * FROM posts WHERE (title = 'hoge' AND 1=2)-- 5SVFͳͷͰ ಉ͡ݕࡧ݁Ռ͕ฦΔ 'BMTFͳͷͰ ࣜશମ͕'BMTFͱͳΓ ԿฦΒͳ͍
w จࣈྻ࿈݁ w IUUQTFYBNQMFDPN TFBSDIUFccTU w ʮUFTUʯͱʮUF]]TUʯͰಉ͡Ϩεϙϯε͕ฦΔ͜ͱΛ͔֬ΊΔ SELECT * FROM posts WHERE (title = 'te' || 'st') w ΤϥʔͰ֬ೝ͢Δ w IUUQTFYBNQMFDPN TFBSDIˠΤϥʔ w IUUQTFYBNQMFDPN TFBSDIˠ0, SELECT * FROM posts WHERE (title = ''') # Syntax Error SELECT * FROM posts WHERE (title = '''') ʢͰ͖Δ͚ͩʣ҆શͳݕࠪ
SELECT * FROM posts WHERE (id = 2+1) w w IUUQTFYBNQMFDPNQPTU w ʮʯʮʯͱ͢Δ͜ͱͰಉ͡Ϩεϙϯε͕ฦΔ͜ͱΛ͔֬ΊΔ w TMFFQ w IUUQTFYNBQMFDPN TFBSDIUFTU w UFTU"/% 4&-&$5'30. 4&-&$5 4-&&1
B
w ϦΫΤετΛૹ৴ͯ͠ඵޙʹϨεϙϯε͕ฦΔ͜ͱΛ͔֬ΊΔ SELECT * FROM posts WHERE (title = 'test' AND (SELECT * FROM (SELECT (SLEEP(10)))a))-- ʢͰ͖Δ͚ͩʣ҆શͳݕࠪ
ରࡦ w 42-จͷΈཱͯ੩తϓϨʔεϗϧμͰ࣮͢Δ w ʮʁʯʹՄมͷύϥϝʔλʢมͳͲʣ͕ຒΊࠐ·ΕΔ w %#Ͱ42-จͷίϯύΠϧ͕ߦΘΕɺ͕όΠϯυ͞ΕΔ SELECT * FROM posts WHERE (title = ?) w 03.ͷػೳΛదʹ͍ɺจࣈྻ݁߹ͳͲ͠ͳ͍ͷ͕మଇ w 3BJMTͳͲͷϑϨʔϜϫʔΫ ͱ͍͏ΑΓ03.ʣ͕ϝιουΛఏڙ͍ͯ͠Δ w ࣗͰ42-Λจࣈྻ࿈݁͢Δඞཁͳ͍ w ٯʹෳࡶͳΫΤϦͰͳ͍ͷʹจࣈྻ࿈݁͢Δͱ͖͓͔͍͠ͱࢥͬͨํ͕͍͍ Post.where(title: title) # SELECT * FROM posts WHERE (title = 'title');
3BJMTͰͷϓϨʔεϗϧμ # Good Post.where("title = ?", title) w จࣈྻ݁߹ʢల։ʣͳͲͰΫΤϦΛΈཱͯͯͳΒͳ͍ # Bad Post.where("title = '#{title}'") Post.find_by_sql("SELECT * FROM posts WHERE title = '#{title}'") w "DUJWF3FDPSEͰҾΛαχλΠζ͠ͳ͍ϝιου͕͋ΔͷͰɺ ҙͯ͠42-Λॻ͘ w IUUQTSBJMTTRMJPSH
ͦͷଞͷ੬ऑੑ w ڧ੍ϒϥζ w 63-ʹΞΫηε͢Δ͜ͱͰඇެ։ϙετΛݟΕΔ w JEʹΑΔ࿈൪ QPTUTͷΑ͏ͳ ͳͷͰɺਪଌ͕༰қ w ྫ͑ɺҙͷϑΝΠϧڞ༗Λߦ͏߹ͳͲʮڞ༗ͨ͠Ϣʔβʔ͔֬ೝ͢Δʯʮे ʹෳࡶͰ͍JEʢQPTUT,X%XC#QHO"K"-"%ͷΑ͏ͳ Λൃߦ͢ΔʯͳͲ͢Δ w ੬ऑੑͱ͍͏ΑΓվળͨ͠ํ͕ྑ͍ w $PPLJFʹ)UUQ0OMZଐੑ
TFDVSFଐੑ͕༩͞Ε͍ͯͳ͍ w )551ͰͷϩάΠϯ͕Մೳ w ΞΧϯτϩοΫͳ͠ w ੬ऑͳύεϫʔυʢQBTTXPSEʣ͕༻Մೳ
ΦʔϓϯϦμΠϨΫτ w ࢦఆ͞ΕͨϖʔδϦμΠϨΫτ͢Δࡍʹɺ߈ܸऀ͕ࢦఆͨ͠ҙͷ63-ϦμΠ ϨΫτ ˖ IUUQTFYNBQMFDPNMPHJO SFEJSFDUIUUQFWJMDPN w ͦͷυϝΠϯΛ৴པͯ͠ΞΫηεͨ͠ʹؔΘΒͣɺѱҙ͋ΔαΠτʹϦμΠϨ Ϋτ͞ΕΔͷͰ৴པΛଛͳ͏ w ϦμΠϨΫτઌʹِͷϑΥʔϜΛදࣔͤ͞ΔͳͲͯ͠ϑΟογϯά w ϦμΠϨΫτઌΛϢʔβʔͷೖྗ͔ΒߦΘͳ͍ɻϗϫΠτϦετԽ͢Δɻ w IUUQTXXXPXBTQPSHJOEFYQIQ 6OWBMJEBUFE@3FEJSFDUT@BOE@'PSXBSET@$IFBU@4IFFU w IUUQHJIZPKQEFWTFSJBMKBWBTDSJQUTFDVSJUZ
ύεϫʔυ࿙Ӯରࡦ ˖ ػأٙ٦سכ窫㼎ח䎂俑ד⥂㶷׃זְ农〾⻉تً ˖ إزعحءُأزٖحثؚٝ w ύεϫʔυϦϚΠϯμͰͳ͘ɺύεϫʔυϦηοτͰ w 0"VUIͳͲͰࣗલͰύεϫʔυΛ࣋ͨͳ͍ํ w ࠷ۙͷϑϨʔϜϫʔΫͰ҆શੑͷߴ͍ΞϧΰϦζϜ͕࠾༻͞Ε͍ͯΔ w 3BJMTˠCDSZQU IBT@TFDVSF@QBTTXPSEΛϞσϧʹՃ͢Δ͚ͩ
w %KBOHPˠ1#,%' w IUUQXXXBUNBSLJUDPKQBJUBSUJDMFTOFXT@IUNM w IUUQTXXXPXBTQPSHJOEFYQIQ1BTTXPSE@4UPSBHF@$IFBU@4IFFU
.BTT"TTJHONFOU w 3BJMTͰऔΓ্͛ΒΕΔ͜ͱ͕ଟ͍͕ɺͲͷϑϨʔϜϫʔΫͰى͜Δ w 3BJMTͰ4USPOH1BSBNFUFSͰݕূΛߦ͏ w )551ϦΫΤετͷΛݕࠪͯ͠ϩδοΫ͢ # Controller class Users < ApplicationController def create # params[:user] = {:name => mrtc0, :passwrod => pass} @user = User.create params[:user] end end # HTTP Request Body user[name]=mrtc0&user[password]=pass&user[is_admin]=true
ϑΝΠϧΞοϓϩʔυ w %P4ରࡦ w ڊେͳϑΝΠϧͷૹ৴Λ͙ͨΊʹϑΝΠϧαΠζͷ্ݶΛઃఆ͢Δ͜ͱ w ͘͠ඇಉظͰ࣮ߦΛߦ͏ w ϑΝΠϧͷछྨͷ੍ݶ w ֦ுࢠͰͳ͘ɺ.*.&5ZQFɺϚδοΫφϯόʔͳͲͰϑΝΠϧͷछྨΛผ͢Δ w ֦ுࢠΛِ͠ѱҙ͋Δ3VCZ1)1εΫϦϓτΛΞοϓϩʔυ͞Εͳ͍Α͏ʹ w อଘ͢ΔࡍϑΝΠϧ໊ʹϥϯμϜͳΛ w Ͱ͖ͳ͍߹ڐՄՄೳͳจࣈྻΛϗϫΠτϦετԽ w QBTTXEͳͲΛࢦఆ͞ΕɺσΟϨΫτϦτϥόʔαϧ͞Εͳ͍Α͏ʹ
ϑΝΠϧΞοϓϩʔυ w ѹॖϑΝΠϧΛΞοϓϩʔυ͠ల։͢Δࡍɺల։લʹϑΝΠϧͷछྨల։࣌ ͷαΠζΛ֬ೝ͢Δ w γϯϘϦοΫϦϯΫΛͬͨ߈ܸ[JQCPNCͳͲΛ͙ w IUUQTIBDLFSPOFDPNSFQPSUT w ΞΫηε੍ݶɺݖݶΛదʹઃఆ͢Δ w Ӿཡݖݶͷͳ͍Ϣʔβʔ͕ӾཡɺμϯϩʔυͰ͖ͳ͍Α͏ʹ w อଘઌ4ͳͲͷΫϥυετϨʔδαʔϏεΞοϓϩʔυ͢Δ͜ͱΛݕ౼͢ Δ w อݥతରࡦ͕ͩɺΞϓϦέʔγϣϯͱΓ͢͜ͱͰηΩϡϦςΟΛ؇
ηΩϡϦςΟؔͷ)551ϔομ w ৭ʑ͋Δ͕ɺͱΓ͚͓͚͋͑ͣͭͯͱ͍͏ϔομ w 99441SPUFDUJPONPEFCMPDL w 944'JMUFS"VEJUPSΛ༗ޮ w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎ w *&$POUFOU5ZQFΛແࢹ͢Δ͜ͱ͕͋ΔͷͰ w 9'SBNF0QUJPOT4".&03*(*/ w ΫϦοΫδϟοΩϯάࢭ w વΞϓϦέʔγϣϯʹΑͬͯઃఆ͢ΔมΘΔͷͰɺదʹઃఆ͢Δ͜ͱ
-FUT੬ऑੑஅ w ౡ͝ͱʹνʔϜʹͳͬͯஅΛ͍ͯͩ͘͠͞ w ࠷ޙʹ֤νʔϜʹݟ͚ͭͨ੬ऑੑʹ͍ͭͯൃදͯ͠Β͍·͢ w Ͳͷը໘ 63- Ͱ w Ͳ͏͍ͬͨૢ࡞Λͨ͠Β w Ͳ͏͍ͬͨ੬ऑੑ͕ݟ͔͔ͭͬͨ w ͜ͷΞϓϦέʔγϣϯͰͲͷΑ͏ͳӨڹ͕͋Δ͔ʢͰ͖Εରࡦʹ͍ͭͯʣ w ൃදޙ$ZCP[V-JWFʹ֤νʔϜ͕ݟ͚ͭͨ੬ऑੑͷ؆қใࠂॻΛΞοϓ͍ͯͩ͘͠͞ɻ w ݟ͚ͭͨΒҰਓ͕ใࠂॻ࡞ʹճΔͳͲɺޮతͳஅΛ͢Δ͜ͱΛΦεεϝ͠· ͢ɻ
੬ऑੑใࠂλΠϜ w νʔϜͰදऀਓ͕ݟ͚ͭͨ੬ऑੑʹ͍ͭͯͭൃද w Ͳͷը໘ 63- Ͱ w Ͳ͏͍ͬͨૢ࡞Λͨ͠Β w Ͳ͏͍ͬͨ੬ऑੑ͕ݟ͔͔ͭͬͨ w ͜ͷΞϓϦέʔγϣϯͰͲͷΑ͏ͳӨڹ͕͋Δ͔ʢͰ͖Ε ରࡦʹ͍ͭͯʣ w ൃදޙʹ؆қใࠂॻΛ$ZCP[V-JWFʹڞ༗͍ͯͩ͘͠͞
ҙࣄ߲ʢ࠶ܝʣ ˖ 盖鱥㢩ך،فٔ؛٦ءّٝח㼎׃ג窫㼎余䷼׃זְ w #VH#PVOUZ੍ w IBDLFSPOFɿIUUQTXXXIBDLFSPOFDPN w $ZCP[V੬ऑੑใ੍ۚ w *1"ʹใࠂ͠Α͏ w IUUQTXXXJQBHPKQTFDVSJUZWVMOSFQPSU w ࠷Ͱࠓճॻ͍ͨ؆қใࠂॻϨϕϧͷ༰Ͱಧ͚ग़͠Α͏
ࢀߟ w ମܥతʹֶͿ҆શͳ8FCΞϓϦέʔγϣϯͷ࡞Γํ w IUUQTXXXBNB[PODPKQEQ w ΊΜͲ͏͍͘͞8FCηΩϡϦςΟ w IUUQTXXXBNB[PODPKQEQ w ҆શͳΣϒαΠτͷ࡞Γํ w IUUQTXXXJQBHPKQTFDVSJUZWVMOXFCTFDVSJUZIUNM w 3BJMT42-*OKFDUJPO w IUUQTSBJMTTRMJPSH w 08"41501 w IUUQTXXXPXBTQPSHJOEFYQIQ5PQ@@5PQ@
mrtc0
kizuku_miyagi
okashoi
hassaku63
hpgrahsl
hiranabe
iwatatomoya
ogiwarat
youtalk
aethiopicuschan
umsys
k9i
philipschwarz
chriscoyier
malarkey
rasmusluckow
brianwarren
kastner
phodgson
carmenintech
addyosmani
eileencodes
sachag
jonrohan