OWASP_Fukuoka_Meeting_02_Go_SCP_hoka

Transcript

1. None

2. ⚫ ⚫ ⚫ ⚫ ⚫

3. None

4. ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫

5. None
6. None
7. None
8. None

9. https://owasp.org/www-project-go-secure-coding-practices-guide/ より

10. None

11. ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫

    ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫
12. None

13. https://owasp.org/www-project-top-ten/

14. package main import "net/http" import "io” func handler (w http.ResponseWriter,

    r *http.Request) { io.WriteString(w, r.URL.Query().Get("param1")) } func main () { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) } ⚫ ⚫ ⚫

15. package main import "net/http" import "io” func handler (w http.ResponseWriter,

    r *http.Request) { io.WriteString(w, r.URL.Query().Get("param1")) } func main () { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) } ⚫ ⚫ ⚫

16. package main import "net/http" import "io” func handler (w http.ResponseWriter,

    r *http.Request) { io.WriteString(w, r.URL.Query().Get("param1")) } func main () { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) } ⚫ ⚫ ⚫

17. package main import "net/http" import "html/template“ func handler(w http.ResponseWriter, r

    *http.Request) { param1 := r.URL.Query().Get("param1") tmpl := template.New("hello") tmpl, _ = tmpl.Parse(`{{define "T"}}{{.}}{{end}}`) tmpl.ExecuteTemplate(w, "T", param1) } func main() { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) } ⚫ ⚫ ⚫

18. package main import "net/http" import "html/template“ func handler(w http.ResponseWriter, r

    *http.Request) { param1 := r.URL.Query().Get("param1") tmpl := template.New("hello") tmpl, _ = tmpl.Parse(`{{define "T"}}{{.}}{{end}}`) tmpl.ExecuteTemplate(w, "T", param1) } func main() { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) } ⚫ ⚫ ⚫

19. package main import "net/http" import "html/template“ func handler(w http.ResponseWriter, r

    *http.Request) { param1 := r.URL.Query().Get("param1") tmpl := template.New("hello") tmpl, _ = tmpl.Parse(`{{define "T"}}{{.}}{{end}}`) tmpl.ExecuteTemplate(w, "T", param1) } func main() { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) } ⚫ ⚫ ⚫

20. package main import "net/http" import "html/template“ func handler(w http.ResponseWriter, r

    *http.Request) { param1 := r.URL.Query().Get("param1") tmpl := template.New("hello") tmpl, _ = tmpl.Parse(`{{define "T"}}{{.}}{{end}}`) tmpl.ExecuteTemplate(w, "T", param1) } func main() { http.HandleFunc("/", handler) http.ListenAndServe(":8080", nil) } ⚫ ⚫ ⚫

21. https://owasp.org/www-project-top-ten/

22. SELECT number, expireDate, cvv FROM creditcards WHERE customerId = 1

    OR 1=1 ctx := context.Background() customerId := r.URL.Query().Get("id") query := "SELECT number, expireDate, cvv FROM creditcards WHERE customerId = " + customerId row, _ := db.QueryContext(ctx, query) query := "SELECT number, expireDate, cvv FROM creditcards WHERE customerId = ?" stmt, _ := db.QueryContext(ctx, query, customerId)

23. package main import "fmt" import "math/rand" func main() { fmt.Println("Random

    Number: ", rand.Intn(1984)) } ⚫ ⚫ $ for i in (seq 5); go run main.go ; end Random Number: 1825 Random Number: 1825 Random Number: 1825 Random Number: 1825 Random Number: 1825

24. package main import "fmt" import "math/big" import "crypto/rand" func main()

    { rand, _ := rand.Int(rand.Reader, big.NewInt(1984)) fmt.Printf("Random Number: %d¥n", rand) } ⚫ ⚫ $ for i in (seq 2); go run main.go ; end Random Number: 688 Random Number: 1309

25. ⚫ ⚫ ⚫ ⚫

26. None
27. None

28. ⚫ ⚫ ⚫

29. None

30. ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫

31. ⚫ ⚫ ⚫ ⚫ ⚫

32. ⚫ ⚫ ⚫ ⚫

33. ⚫ ⚫ ⚫ ⚫ ⚫ pass False

34. ⚫ ⚫ pass False

35. • • • • •

36. ⚫

37. None
38. None
39. None
40. None

41. https://docs.docker.com/docker-hub/builds/automated-testing/

42. None
43. None
44. None
45. None
46. None
47. None

48. ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫

49. ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫