Upgrade to Pro — share decks privately, control downloads, hide ads and more …

WordPressのセキュリティについて / gifuwpm20-wordpress-security

Koji Kuno
March 14, 2020
Programming
0
68

WordPressのセキュリティについて / gifuwpm20-wordpress-security

Gifu WordPress Meetup #20 での登壇資料です。

Koji Kuno

March 14, 2020
Tweet

More Decks by Koji Kuno

See All by Koji Kuno
WordPress(再)入門 - 運用・学習編
oleindesign
0
11
WordPress(再)入門 - カスタマイズ編
oleindesign
0
59
WordPress(再)入門 - コンテンツ作成方法編
oleindesign
0
54
WordPress(再)入門 - テーマ・プラグイン編 / introduction-to-wordpress-again-theme-plugin
oleindesign
0
75
WordPress(再)入門 - 基本設定編 / introduction-to-wordpress-again-basic-settings
oleindesign
0
160
WordPress(再)入門 - 基礎知識・環境編
oleindesign
1
340
超入門サイトエディター / Easiest-introduction-of-Site-Editor
oleindesign
0
150
Walk-Through WordPress 6.1
oleindesign
0
79
超入門フルサイト編集/easiest introduction of full site editing
oleindesign
0
230

Other Decks in Programming

See All in Programming
pnpm workspace実践ノウハウ
mh4gf
8
950
Building Tebukuro with Hotwire and Rails
murajun1978
0
150
_アニメーション抜き__MVIに基づくStateMachineアーキテクチャ_KMPとJetpack_ComposeとSwiftUIを組み合わせる.pdf
gmvalentino8
4
530
PHP8.2にバージョンアップして もっと型表現を豊かにしよう
akitotsukahara
0
150
ブラウザで「今すぐ」gemを読み込む方法 / Load-gem-from-browser-JUST-NOW
lnit
0
280
The Unyielding Spirit Of Android - Droidcon NYC '23
adammc331
1
160
第4回 AWSとGitHub勉強会 - GitHub Actionsを使ったCD環境の構築 -
ogiwarat
0
110
A Practitioner's Journey from Ruby 1.8 to Present
koic
1
680
Static Hermes (React Native EU 2023 Announcement)
tmikov2023
0
2.7k
身に覚えのないDeveloper Program License違反を通告されてアプリの検索順位を下げられた時の闘い方 / iosdc2023-rookies-lt
ski
0
340
Henjou-Renderer
kinakomoti321
0
140
作って学ぶadbプロトコル / Create and learn adb protocols
ntsk
0
800

Featured

See All Featured
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.9k
Art, The Web, and Tiny UX
lynnandtonic
285
18k
It's Worth the Effort
3n
179
27k
Learning to Love Humans: Emotional Interface Design
aarron
265
38k
Reflections from 52 weeks, 52 projects
jeffersonlam
342
18k
Building a Scalable Design System with Sketch
lauravandoore
453
31k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.8k
Facilitating Awesome Meetings
lara
37
5.1k
Code Reviewing Like a Champion
maltzj
510
38k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.1k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
239
20k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
870

Transcript

  1. 8PSE1SFTTͷηΩϡϦςΟʹ
    ͍ͭͯ
    (JGV8PSE1SFTT.FFUVQ
    ೥݄೔ʢ౔ʣʙ

    View Slide

  2. ࣗݾ঺հ
    w 8FC੍࡞ܥϑϦʔϥϯε
    w ࠷ۙʮσʔλɾαΠΤϯεʯʹ͍ͭͯڵຯ௡ʑ
    w ग़਎͸άϥϑΟοΫσβΠϯɻ8FC͸׬શಠֶɻ
    w ಈը഑৴ʹ΋खΛग़࢝͠Ίͨɻ

    View Slide

  3. 8PSE1SFTTͷηΩϡϦςΟʹ
    ͍ͭͯ

    View Slide

  4. ৘ใηΩϡϦςΟͷ̏෼ྨ
    w ਓతڴҖ

    ˠ৘ใΛ౪Ήɾෆਖ਼ར༻ɾޡૢ࡞ͳͲਓ͕ى͜͢΋ͷ
    w ٕज़తڴҖ

    ˠෆਖ਼ΞΫηεɾվ͟ΜɾΫϥοΩϯά
    w ෺ཧతڴҖ

    ˠαʔόʔ͕෺ཧతʹյΕΔͳͲ

    View Slide

  5. 8PSE1SFTT͸ૂΘΕ΍͍͢ʁ
    w ʮૂΘΕ΍͍͢ʯͱࢥ͏ʢݸਓతײ૝ʣ
    w γΣΞ͔Βߟ͑ͯ8PSE1SFTTΛૂ͑͹खͬऔΓૣ͍ͱߟ
    ͑Δͷ͕ଥ౰
    w ΦʔϓϯιʔεͳͷͰத਎͸୭Ͱ΋ݟΔ͜ͱ͕Ͱ͖Δ

    View Slide

  6. ຊ౰ʹ8PSE1SFTT͡Όͳ͍ͱμϝʁ
    w ͦͷ΢ΣϒαΠτ͕8PSE1SFTTͰ͋Δ΂͖ཧ༝͸ʁ
    w ଞͷແྉɾ༗ྉϒϩάαʔϏεͰ͸ͩΊʁ
    w ੩త΢ΣϒαΠτͰྑ͍ͷͰ͸ʁ

    View Slide

  7. ޮՌ͕ߴ͍ʢͱߟ͑ΒΕΔʣ
    ରࡦ
    ύεϫʔυͷ؅ཧ
    ΞοϓσʔτΛ͢Δ
    ϩάΠϯ63-Λมߋ͢Δ
    44-Խ
    8"'ಋೖ
    ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷແޮԽ࡟আ

    View Slide

  8. ύεϫʔυͷ؅ཧ
    w ೦ͷͨΊॳظύεϫʔυ͔Βมߋ͓ͯ͜͠͏
    w ҆શͳύεϫʔυͱ͸ʁʢ૯຿লࢀরʣ
    ໊લͳͲͷݸਓ৘ใ͔Β͸ਪଌͰ͖ͳ͍͜ͱ
    ӳ୯ޠͳͲΛͦͷ··࢖༻͠ͳ͍͜ͱ
    ΞϧϑΝϕοτͱ਺ࣈ͕ࠞࡏ͍ͯ͠Δ͜ͱ
    ద੾ͳ௕͞ͷจࣈྻͰ͋Δ͜ͱ
    ྨਪ͠΍͍͢ฒͼํ΍ͦͷ༰қͳ૊Έ߹Θͤʹ͠ͳ͍͜ͱ

    View Slide

  9. ύεϫʔυͷ࠷େղಡ࣌ؒ
    https://www.ipa.go.jp/security/txt/2008/10outline.html

    View Slide

  10. ΞοϓσʔτΛ͢Δ
    w 8PSE1SFTTίΞͷߋ৽ʢϚΠφʔ͸ࣗಈʣ
    w ϓϥάΠϯςʔϚͷߋ৽
    w ίΞWFSʹରԠ͍ͯ͠Δ͔֬ೝ͢Δ΂͖

    View Slide

  11. ϓϥάΠϯͷબͼํ

    View Slide

  12. όοΫΞοϓΛऔಘ͠Α͏
    w ΞοϓσʔτΛ࣮ߦͯ͠ը໘͕ਅͬനʹʜ
    w ͦΜͳ࣌ʹ͸ɺόοΫΞοϓσʔλͰ෮ݩ͠·͢
    w "MMJO0OF81.JHSBUJPO͕ʢݸਓతʹ͸ʣ͓͢͢Ί

    ˠόοΫΞοϓऔಘͱ෮ݩ͕؆୯
    w ීஈ͔ΒఆظతͳόοΫΞοϓΛεέδϡʔϧԽ͢Δ

    View Slide

  13. ϩάΠϯ63-Λมߋ͢Δ
    IUUQTTBNQMFDPNXQMPHJOQIQ

    View Slide

  14. ϩάΠϯ63-Λมߋ͢Δ
    w खಈͰରԠ΋Մೳ

    ˠϋʔυϧ͕ߴ͍ͷͰϓϥάΠϯͰػೳ௥Ճ͕Φεεϝ
    w 4JUF(VBSE811MVHJO
    w ʲ஫ҙʳ༗ޮԽͨ͠Βඪ४ઃఆͰϩάΠϯ63-͕มߋ
    ͞Εͯ͠·͏ͷͰѻ͍ʹ஫ҙ
    w Ճ͑ͯϩάΠϯը໘ʹ#"4*$ೝূΛ෇͚Δͱ͍͏ख΋

    View Slide

  15. 44-Խ
    w 4FDVSF4PDLFUT-BZFSͷུ
    w ΢ΣϒαΠτͱσόΠεʢ1$ͳͲʣͱͷؒͰ΍ΓऔΓ͢
    ΔσʔλΛ҉߸Խͯ͠౪Έʹ͘͘͢Δ࢓૊Έ
    w IUUQTʙͰΞΫηεͰ͖Δ΢ΣϒαΠτ͸ରԠࡁΈ
    w (PPHMF$ISPNFͳͲͰ͸ରԠ͍ͯ͠ͳ͍ͱʮอޢ͞Εͯ
    ͍ͳ͍௨৴ʯͱදࣔ͞ΕͨΓ͢Δ

    View Slide

  16. 44-Խͷํ๏
    w ར༻͍ͯ͠ΔαʔϏε΍αʔόʔʹΑ༷ͬͯʑͳͷͰҰ
    ֓ʹํ๏ΛఏࣔͰ͖ͳ͍
    w طଘ΢ΣϒαΠτΛରԠ͢Δ৔߹ɺαΠτ಺ʹઃஔ͞Ε
    ͍ͯΔϦϯΫશ͕ͯIUUQTʙʹͳ͍ͬͯͳ͍ͱ׬શͳ
    44-Խʹ͸ͳΒͳ͍ʢNJYFEDPOUFOUʣ
    w ద౰ʹ΍Βͣʹ༗ࣝऀʹ૬ஊ͢Δ͜ͱΛ͓קΊ͠·͢

    View Slide

  17. 8"'ಋೖ
    w 8FC"QQMJDBUJPO'JSFXBMMͷུ
    w αʔόʔଆPSϓϥάΠϯͰͷಋೖ͕Ұൠత
    w 9TFSWFSϩϦϙTBLVSB͸ར༻Մೳ
    w 8PSEGFODF4FDVSJUZ'JSFXBMM.BMXBSF4DBOͳͲ
    w 81ɾϓϥάΠϯͷػೳʹΑΔΞΫηεΛޡͬͯःஅͯ͠
    ͠·͏͜ͱ͕͋Δˠνϡʔχϯά͕ඞཁͳ৔߹΋͋Δ

    View Slide

  18. ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷ
    ແޮԽ࡟আ
    w ඪ४Ͱ5XFOUZʙςʔϚ͕ෳ਺Πϯετʔϧ͞Ε͍ͯΔ͕
    ෆཁͳΒ࡟আʢఆظతʹߋ৽͍ͯ͠Ε͹0,ʣ
    w ࢖Θͳ͍PSݹ͍ϓϥάΠϯ͸ɺ࡟আPS৐Γ׵͑ʢஔ͖׵
    ͑ʣΛݕ౼͢Δ
    w ఆظతʹ֬ೝ͢Δश׳Λ࣋ͭͱϕλʔ

    View Slide

  19. ·ͱΊ
    w *%ͱ18͸ΦϦδφϦςΟΛ࣋ͭ
    w ߋ৽͠ͳ͍ͳΒ8PSE1SFTT࢖Θͳ͍ʢ͘Β͍ͷؾ࣋ͪͰʣ
    w όοΫΞοϓ͸ඞਢʢ෮ݩ΋࿅शͯ͠ΈΑ͏ʣ
    w ϩάΠϯ63-Λมߋͯ͠#"4*$ೝূ΋ซͤΔͱ٢
    w 44-Խ͸ࠓ΍ৗࣝʢඞਢʣϨϕϧ

    View Slide