#OWT2017JP Opening Session by 上野宣, OWASP Japan
08"41ͷา͖ํ08508"41+BQBO$IBQUFS-FBEFS4FO6&/008"411SPKFDU0WFSWJFXGPS%FWFMPQFST
View Slide
08"411SPKFDU
'MBHTIJQ1SPKFDUT• 5PPMT– 08"41;FE"UUBDL1SPYZ– 08"418FC5FTUJOH&OWJSPONFOU1SPKFDU– 08"41085'– 08"41%FQFOEFODZ$IFDL– 08"414FDVSJUZ4IFQIFSE• $PEF– 08"41.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU– 08"41$43'(VBSE 1SPKFDU– 08"41"QQ4FOTPS 1SPKFDU• %PDVNFOUBUJPO– 08"41"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE1SPKFDU– 08"414PGUXBSF"TTVSBODF.BUVSJUZ.PEFM 4"..– 08"41"QQ4FOTPS 1SPKFDU– 08"415PQ5FO1SPKFDU– 08"415FTUJOH(VJEF1SPKFDUIUUQTXXXPXBTQPSHJOEFYQIQ08"[email protected]@*OWFOUPSZ'[email protected]
08"415PQ3$• 8FCΞϓϦέʔγϣϯ੬ऑੑτοϓ3$3FKFDUFE݄Լ०ϦϦʔε༧ఆ
08"415PQGPSຊޠ൛ΞϦ㽂
;"1• ;"1 ;FE"UUBDL1SPYZ• 8FCΞϓϦέʔγϣϯ੬ऑੑεΩϟφʔຊޠ൛ΞϦ㽂
8FC5FTUJOH&OWJSPONFOU• ओʹ08"41ͷΞϓϦέʔγϣϯηΩϡϦςΟπʔϧͱυΩϡϝϯτͷ٧Ί߹Θͤ -JOVYEJTU• 08"41ͷ֤छϓϩδΣΫτ– πʔϧυΩϡϝϯτ– 08"41Ҏ֎ͷ8FCΞϓϦέʔγϣϯηΩϡϦςΟπʔϧऩ• *407.XBSF 7JSUVBM#PY 1BSBMMFMTɺ-JOVYύοέʔδͳͲͷܗࣜͰఏڙ– چ08"41-JWF$%
085'• 085' 0GGFOTJWF8FC5FTUJOH'SBNFXPSL– ࣗಈஅπʔϧ– 08"415FTUJOH(VJEF15&4 UIF1FOFUSBUJPO5FTUJOH&YFDVUJPO4UBOEBSE/*45
08"41%FQFOEFODZ$IFDL• 8FCΞϓϦέʔγϣϯͷத͔Β੬ऑੑͷ͋ΔίϯϙʔωϯτΛൃݟ͢ΔεΩϟφʔ– +BWB /&5ʹରԠ• 3VCZ /PEFKT 1ZUIPO $$ ࢼݧతͳରԠ
08"414FDVSJUZ4IFQIFSE• 8FCͱϞόΠϧͷΞϓϦέʔγϣϯηΩϡϦςΟͷͨΊͷτϨʔχϯάπʔϧ– ηΩϡϦςΟΛֶͿͨΊͷϋϯζΦϯڥ– $5'ϞʔυɺΦʔϓϯϑϩΞϞʔυɺτʔφϝϯτϞʔυͳͲΛඋ͑Δ• 5FBDIJOH5PPMGPS"MM"QQMJDBUJPO4FDVSJUZ• 8FC"QQMJDBUJPO1FO5FTUJOH5SBJOJOH• .PCJMF"QQMJDBUJPO1FO5FTUJOH5SBJOJOH• 4BGF1MBZHSPVOEUP1SBDUJTF "QQ4FD 5FDIOJRVFT• 3FBM4FDVSJUZ3JTL&YBNQMFT
.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU• .PE4FDVSJUZ– 0QFO4PVSDF8FC"QQMJDBUJPO'JSFXBMM• .PE4FDVSJUZ Ͱ͑Δϧʔϧηοτ– 1SPUPDPM7BMJEBUJPO– .BMJDJPVT$MJFOU*EFOUJGJDBUJPO– (FOFSJD"UUBDL4JHOBUVSFT– ,OPXO7VMOFSBCJMJUJFT4JHOBUVSFT– 5SPKBO#BDLEPPS"DDFTT– 0VUCPVOE%BUB-FBLBHF– "OUJ7JSVTBOE%P4 VUJMJUZTDSJQUT
$43'(VBSE 1SPKFDU• ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ $43'ରࡦϥΠϒϥϦ
"QQ4FOTPS 1SPKFDU• ΞϓϦέʔγϣϯϨΠϠʔʹର͢Δ৵ೖݕͱࣗಈԠͷͨΊͷϑϨʔϜϫʔΫ– ΞϓϦέʔγϣϯʹޚΛ࣮͢Δ• ݕग़– Ҏ্ͷݕग़ϙΠϯτͰ߈ܸΛݕ• Ԡ– ߈ܸΛݕग़ͨ͠ޙͷΞΫγϣϯ– ϢʔβʔͷϩάΞτɺΞΧϯτϩοΫɺཧऀͷ௨ͳͲ• ΞϓϦέʔγϣϯͷޚ
"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE 1SPKFDU• "474 "QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE• ΞϓϦέʔγϣϯͷηΩϡϦςΟධՁͷͨΊͷݕࠪඪ४– ࣗಈ·ͨखಈͷηΩϡϦςΟςετٴͼίʔυϨϏϡʔํࣜͷཁ݅• -W0QQPSUVOJTUJD• -W4UBOEBSE• -W"EWBODFEຊޠ൛ΞϦ㽂
4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM• 4".. 4PGUXBSF"TTVSBODF.BUVSJUZ.PEFMɿιϑτΣΞηΩϡϦςΟอোख़Ϟσϧ• ϦεΫʹ߹ΘͤͨιϑτΣΞηΩϡϦςΟઓུΛ࣮͢ΔͨΊͷϑϨʔϜϫʔΫຊޠ൛ΞϦ㽂
5FTUJOH(VJEF• 8FCαΠτʗΞϓϦέʔγϣϯͷςετΨΠυɺશϖʔδʢ7FSʣ• ֤੬ऑੑɺػೳผͷςετํ๏– *OGPSNBUJPO(BUIFSJOH $POGJHVSBUJPO.BOBHFNFOU5FTUJOH "VUIFOUJDBUJPO5FTUJOH 4FTTJPO.BOBHFNFOU "VUIPSJ[BUJPO5FTUJOH #VTJOFTTMPHJDUFTUJOH %BUB7BMJEBUJPO5FTUJOH %P45FTUJOH 8FC4FSWJDFT5FTUJOH "+"95FTUJOH
8FCγεςϜʗ8FCΞϓϦέʔγϣϯηΩϡϦςΟཁ݅ॻ• 8FCγεςϜʗ8FCΞϓϦέʔγϣϯ։ൃͷͨΊͷཁ݅ఆٛॻ– ҰൠతʹΓࠐΉ͖ηΩϡϦςΟཁ݅ఆٛॻ– ։ൃݴޠϑϨʔϜϫʔΫʹґଘ͠ͳ͍• 08"41+BQBOηΩϡϦςΟཁ݅ఆٛॻ8(
੬ऑੑஅ࢜εΩϧϚοϓϓϩδΣΫτ• ੬ऑੑஅΛߦ͏ݸਓͷٕज़తͳೳྗΛ۩ମతʹ͢Δ• ੬ऑੑஅΛߦ͏ٕज़ऀʢҎԼɺ੬ऑੑஅ࢜ʣͷεΩϧϚοϓͱֶशͷࢦͱͳΔγϥόεɺ੬ऑੑஅΛߦ͏ͨΊͷΨΠυϥΠϯͳͲΛඋ• *40(+ͱ08"41 +BQBOͷڞಉ8(
8FCΞϓϦέʔγϣϯ੬ऑੑஅΨΠυϥΠϯ• खಈஅิॿπʔϧΛͬͨ8FCΞϓϦέʔγϣϯ੬ऑੑஅʹ༻͢ΔΨΠυϥΠϯ– 42-J 944ͳͲͷ۩ମతͳஅύλʔϯ
੬ऑੑஅ ॳ৺ऀϋϯζΦϯτϨʔχϯά• ݄ ։࠵• ืूਓ໊ IUUQTQFOUFTUXFCDPOOQBTTDPNFWFOU
օ͞ΜͷڠྗͰΓཱ͍ͬͯ·͢• ຊޠ൛͕ͳ͍ϓϩδΣΫτ͍͔ͭ͘• ఀ͍ͯ͠ΔϓϩδΣΫτ͍͔ͭ͘• ϘϥϯςΟΞͷྗΛඞཁͱ͍ͯ͠·͢
+PJOVT
owaspjapan
koic
robots
bengo4com
okunokentaro
odasho
sakaik
hirokiotsuka
cybozuinsideout
hirokiigeta
tgalopin
hanhan1978
tamaiyutaro
keavy
scottboms
philhawksworth
jlugia
smashingmag
geeforr
marcduiker
erikaheidi
moore
davidbonilla
danielanewman
marcelosomers