Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OWT2017JP - OWASP Project Overview for Developers
Search
OWASP Japan
September 30, 2017
Technology
11
3.8k
OWT2017JP - OWASP Project Overview for Developers
#OWT2017JP
Opening Session by 上野宣, OWASP Japan
OWASP Japan
September 30, 2017
Tweet
Share
More Decks by OWASP Japan
See All by OWASP Japan
OWASP Night 2019.03 Tokyo
owaspjapan
0
340
OWASP SAMMを活用したセキュア開発の推進
owaspjapan
0
1k
20190107_AbuseCaseCheatSheet
owaspjapan
0
180
セキュリティ要求定義で使える非機能要求グレードとASVS
owaspjapan
5
1k
AWSクラスタに捧ぐウェブを衛っていく方法論と死なない程度の修羅場の価値
owaspjapan
9
3.3k
Shifting Left Like a Boss
owaspjapan
2
300
OWASP Top 10 and Your Web Apps
owaspjapan
2
390
OWASP Japan Proposal: Encouraging Japanese Translation
owaspjapan
1
250
elegance_of_OWASP_Top10_2017
owaspjapan
2
530
Other Decks in Technology
See All in Technology
実践AIガバナンス
asei
2
110
イオン店舗一覧ページのパフォーマンスチューニング事例 / Performance tuning example for AEON store list page
aeonpeople
2
310
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
8.6k
人を動かすことについて考える
ichimichi
2
330
あなたの知らない OneDrive
murachiakira
0
240
[CV勉強会@関東 CVPR2025 読み会] MegaSaM: Accurate, Fast, and Robust Structure and Motion from Casual Dynamic Videos (Li+, CVPR2025)
abemii
0
200
Yahoo!ニュースにおけるソフトウェア開発
lycorptech_jp
PRO
0
380
ソフトウェア エンジニアとしての 姿勢と心構え
recruitengineers
PRO
6
1.8k
Goss: Faiss向けの新しい本番環境対応 Goバインディング #coefl_go_jp
bengo4com
0
1.4k
認知戦の理解と、市民としての対抗策
hogehuga
0
370
[CVPR2025論文読み会] Linguistics-aware Masked Image Modelingfor Self-supervised Scene Text Recognition
s_aiueo32
0
210
Goでマークダウンの独自記法を実装する
lag129
0
220
Featured
See All Featured
Site-Speed That Sticks
csswizardry
10
790
A designer walks into a library…
pauljervisheath
207
24k
Speed Design
sergeychernyshev
32
1.1k
Code Reviewing Like a Champion
maltzj
525
40k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
480
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
185
54k
How to Ace a Technical Interview
jacobian
279
23k
Optimizing for Happiness
mojombo
379
70k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Gamification - CAS2011
davidbonilla
81
5.4k
Raft: Consensus for Rubyists
vanstee
140
7.1k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
Transcript
08"41ͷา͖ํ 085 08"41+BQBO $IBQUFS-FBEFS 4FO6&/0 08"411SPKFDU0WFSWJFX GPS%FWFMPQFST
08"411SPKFDU
'MBHTIJQ1SPKFDUT • 5PPMT – 08"41;FE"UUBDL1SPYZ – 08"418FC5FTUJOH&OWJSPONFOU1SPKFDU – 08"41085' –
08"41%FQFOEFODZ$IFDL – 08"414FDVSJUZ4IFQIFSE</FX> • $PEF – 08"41.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU – 08"41$43'(VBSE 1SPKFDU – 08"41"QQ4FOTPS 1SPKFDU • %PDVNFOUBUJPO – 08"41"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE1SPKFDU – 08"414PGUXBSF"TTVSBODF.BUVSJUZ.PEFM 4".. – 08"41"QQ4FOTPS 1SPKFDU – 08"415PQ5FO1SPKFDU – 08"415FTUJOH(VJEF1SPKFDU IUUQTXXXPXBTQPSHJOEFYQIQ08"41@1SPKFDU@*OWFOUPSZ'MBHTIJQ@1SPKFDUT
08"415PQ3$ • 8FCΞϓϦέʔγϣϯ੬ऑੑτοϓ 3$3FKFDUFE ݄Լ०ϦϦʔε༧ఆ
08"415PQGPS ຊޠ൛ΞϦ㽂
;"1 • ;"1 ;FE"UUBDL1SPYZ • 8FCΞϓϦέʔγϣϯ੬ऑੑεΩϟφʔ ຊޠ൛ΞϦ㽂
8FC5FTUJOH&OWJSPONFOU • ओʹ08"41ͷΞϓϦέʔγϣϯηΩϡϦςΟπʔϧͱυΩϡϝ ϯτͷ٧Ί߹Θͤ -JOVYEJTU • 08"41ͷ֤छϓϩδΣΫτ – πʔϧυΩϡϝϯτ –
08"41Ҏ֎ͷ8FCΞϓϦέʔγϣϯηΩϡϦςΟπʔϧऩ • *407.XBSF 7JSUVBM#PY 1BSBMMFMTɺ-JOVYύοέʔδͳͲͷ ܗࣜͰఏڙ – چ08"41-JWF$%
085' • 085' 0GGFOTJWF8FC5FTUJOH'SBNFXPSL – ࣗಈஅπʔϧ – 08"415FTUJOH(VJEF 15&4 UIF1FOFUSBUJPO5FTUJOH&YFDVUJPO
4UBOEBSE /*45
08"41%FQFOEFODZ$IFDL • 8FCΞϓϦέʔγϣϯͷத͔Β੬ऑੑͷ͋ΔίϯϙʔωϯτΛ ൃݟ͢ΔεΩϟφʔ – +BWB /&5ʹରԠ • 3VCZ /PEFKT
1ZUIPO $$ ࢼݧతͳରԠ
08"414FDVSJUZ4IFQIFSE • 8FCͱϞόΠϧͷΞϓϦέʔγϣϯηΩϡϦςΟͷͨΊͷτ Ϩʔχϯάπʔϧ – ηΩϡϦςΟΛֶͿͨΊͷϋϯζΦϯڥ – $5'ϞʔυɺΦʔϓϯϑϩΞϞʔυɺτʔφϝϯτϞʔυͳͲΛඋ͑Δ • 5FBDIJOH5PPMGPS"MM"QQMJDBUJPO4FDVSJUZ
• 8FC"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • .PCJMF"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • 4BGF1MBZHSPVOEUP1SBDUJTF "QQ4FD 5FDIOJRVFT • 3FBM4FDVSJUZ3JTL&YBNQMFT
.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU • .PE4FDVSJUZ – 0QFO4PVSDF8FC"QQMJDBUJPO'JSFXBMM • .PE4FDVSJUZ Ͱ͑Δϧʔϧηοτ –
1SPUPDPM7BMJEBUJPO – .BMJDJPVT$MJFOU*EFOUJGJDBUJPO – (FOFSJD"UUBDL4JHOBUVSFT – ,OPXO7VMOFSBCJMJUJFT4JHOBUVSFT – 5SPKBO#BDLEPPS"DDFTT – 0VUCPVOE%BUB-FBLBHF – "OUJ7JSVTBOE%P4 VUJMJUZTDSJQUT
$43'(VBSE 1SPKFDU • ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ $43' ରࡦϥΠϒϥϦ
"QQ4FOTPS 1SPKFDU • ΞϓϦέʔγϣϯϨΠϠʔʹର͢Δ৵ೖݕͱࣗಈԠͷͨΊͷ ϑϨʔϜϫʔΫ – ΞϓϦέʔγϣϯʹޚΛ࣮͢Δ • ݕग़ –
Ҏ্ͷݕग़ϙΠϯτͰ߈ܸΛݕ • Ԡ – ߈ܸΛݕग़ͨ͠ޙͷΞΫγϣϯ – ϢʔβʔͷϩάΞτɺΞΧϯτϩοΫɺཧऀͷ௨ͳͲ • ΞϓϦέʔγϣϯͷޚ
"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE 1SPKFDU • "474 "QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE • ΞϓϦέʔγϣϯͷηΩϡϦςΟධՁͷͨΊͷݕࠪඪ४ – ࣗಈ·ͨखಈͷηΩϡϦςΟςετٴͼίʔυϨϏϡʔํࣜͷཁ݅
• -W0QQPSUVOJTUJD • -W4UBOEBSE • -W"EWBODFE ຊޠ൛ΞϦ㽂
4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM • 4".. 4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM ɿιϑτΣΞ ηΩϡϦςΟอোख़Ϟσϧ • ϦεΫʹ߹ΘͤͨιϑτΣΞηΩϡϦςΟઓུΛ࣮͢ΔͨΊ ͷϑϨʔϜϫʔΫ ຊޠ൛ΞϦ㽂
5FTUJOH(VJEF • 8FCαΠτʗΞϓϦέʔγϣϯͷςετΨΠυɺશϖʔδ ʢ7FSʣ • ֤੬ऑੑɺػೳผͷςετํ๏ – *OGPSNBUJPO(BUIFSJOH $POGJHVSBUJPO.BOBHFNFOU5FTUJOH
"VUIFOUJDBUJPO5FTUJOH 4FTTJPO.BOBHFNFOU "VUIPSJ[BUJPO 5FTUJOH #VTJOFTTMPHJDUFTUJOH %BUB7BMJEBUJPO5FTUJOH %P4 5FTUJOH 8FC4FSWJDFT5FTUJOH "+"95FTUJOH
8FCγεςϜʗ8FCΞϓϦέʔγϣϯ ηΩϡϦςΟཁ݅ॻ • 8FCγεςϜʗ8FCΞϓϦέʔγϣϯ։ൃͷͨΊͷཁ݅ఆٛॻ – ҰൠతʹΓࠐΉ͖ηΩϡϦςΟཁ݅ఆٛॻ – ։ൃݴޠϑϨʔϜϫʔΫʹґଘ͠ͳ͍ • 08"41+BQBOηΩϡϦςΟཁ݅ఆٛॻ8(
੬ऑੑஅ࢜εΩϧϚοϓϓϩδΣΫτ • ੬ऑੑஅΛߦ͏ݸਓͷٕज़తͳೳྗΛ۩ମతʹ͢Δ • ੬ऑੑஅΛߦ͏ٕज़ऀʢҎԼɺ੬ऑੑஅ࢜ʣͷεΩϧϚοϓ ͱֶशͷࢦͱͳΔγϥόεɺ੬ऑੑஅΛߦ͏ͨΊͷΨΠυϥ ΠϯͳͲΛඋ • *40(+ͱ08"41 +BQBOͷڞಉ8(
8FCΞϓϦέʔγϣϯ੬ऑੑஅΨΠυϥΠϯ • खಈஅิॿπʔϧΛͬͨ8FCΞϓϦέʔγϣϯ੬ऑੑஅ ʹ༻͢ΔΨΠυϥΠϯ – 42-J 944ͳͲͷ۩ମతͳஅύλʔϯ
੬ऑੑஅ ॳ৺ऀϋϯζΦϯτϨʔχϯά • ݄ ։࠵ • ืूਓ໊ <͢Ͱʹຬ੮> IUUQTQFOUFTUXFCDPOOQBTTDPNFWFOU
օ͞ΜͷڠྗͰΓཱ͍ͬͯ·͢ • ຊޠ൛͕ͳ͍ϓϩδΣΫτ͍͔ͭ͘ • ఀ͍ͯ͠ΔϓϩδΣΫτ͍͔ͭ͘ • ϘϥϯςΟΞͷྗΛඞཁͱ͍ͯ͠·͢
+PJOVT