Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OWT2017JP - OWASP Project Overview for Developers
Search
OWASP Japan
September 30, 2017
Technology
11
3.7k
OWT2017JP - OWASP Project Overview for Developers
#OWT2017JP
Opening Session by 上野宣, OWASP Japan
OWASP Japan
September 30, 2017
Tweet
Share
More Decks by OWASP Japan
See All by OWASP Japan
OWASP Night 2019.03 Tokyo
owaspjapan
0
340
OWASP SAMMを活用したセキュア開発の推進
owaspjapan
0
1k
20190107_AbuseCaseCheatSheet
owaspjapan
0
180
セキュリティ要求定義で使える非機能要求グレードとASVS
owaspjapan
5
1k
AWSクラスタに捧ぐウェブを衛っていく方法論と死なない程度の修羅場の価値
owaspjapan
9
3.3k
Shifting Left Like a Boss
owaspjapan
2
290
OWASP Top 10 and Your Web Apps
owaspjapan
2
380
OWASP Japan Proposal: Encouraging Japanese Translation
owaspjapan
1
240
elegance_of_OWASP_Top10_2017
owaspjapan
2
520
Other Decks in Technology
See All in Technology
エンジニア向け技術スタック情報
kauche
1
250
20250625 Snowflake Summit 2025活用事例 レポート / Nowcast Snowflake Summit 2025 Case Study Report
kkuv
1
300
Javaで作る RAGを活用した Q&Aアプリケーション
recruitengineers
PRO
1
100
Understanding_Thread_Tuning_for_Inference_Servers_of_Deep_Models.pdf
lycorptech_jp
PRO
0
110
Amazon Bedrockで実現する 新たな学習体験
kzkmaeda
1
530
Uniadex__公開版_20250617-AIxIoTビジネス共創ラボ_ツナガルチカラ_.pdf
iotcomjpadmin
0
160
米国国防総省のDevSecOpsライフサイクルをAWSのセキュリティサービスとOSSで実現
syoshie
2
1k
PHPでWebブラウザのレンダリングエンジンを実装する
dip_tech
PRO
0
200
Claude Code Actionを使ったコード品質改善の取り組み
potix2
PRO
6
2.2k
解析の定理証明実践@Lean 4
dec9ue
0
170
IIWレポートからみるID業界で話題のMCP
fujie
0
790
Node-RED × MCP 勉強会 vol.1
1ftseabass
PRO
0
140
Featured
See All Featured
Raft: Consensus for Rubyists
vanstee
140
7k
We Have a Design System, Now What?
morganepeng
53
7.7k
The Cult of Friendly URLs
andyhume
79
6.5k
Making the Leap to Tech Lead
cromwellryan
134
9.3k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Why You Should Never Use an ORM
jnunemaker
PRO
56
9.4k
StorybookのUI Testing Handbookを読んだ
zakiyama
30
5.8k
Why Our Code Smells
bkeepers
PRO
337
57k
Side Projects
sachag
455
42k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
790
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
138
34k
Transcript
08"41ͷา͖ํ 085 08"41+BQBO $IBQUFS-FBEFS 4FO6&/0 08"411SPKFDU0WFSWJFX GPS%FWFMPQFST
08"411SPKFDU
'MBHTIJQ1SPKFDUT • 5PPMT – 08"41;FE"UUBDL1SPYZ – 08"418FC5FTUJOH&OWJSPONFOU1SPKFDU – 08"41085' –
08"41%FQFOEFODZ$IFDL – 08"414FDVSJUZ4IFQIFSE</FX> • $PEF – 08"41.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU – 08"41$43'(VBSE 1SPKFDU – 08"41"QQ4FOTPS 1SPKFDU • %PDVNFOUBUJPO – 08"41"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE1SPKFDU – 08"414PGUXBSF"TTVSBODF.BUVSJUZ.PEFM 4".. – 08"41"QQ4FOTPS 1SPKFDU – 08"415PQ5FO1SPKFDU – 08"415FTUJOH(VJEF1SPKFDU IUUQTXXXPXBTQPSHJOEFYQIQ08"41@1SPKFDU@*OWFOUPSZ'MBHTIJQ@1SPKFDUT
08"415PQ3$ • 8FCΞϓϦέʔγϣϯ੬ऑੑτοϓ 3$3FKFDUFE ݄Լ०ϦϦʔε༧ఆ
08"415PQGPS ຊޠ൛ΞϦ㽂
;"1 • ;"1 ;FE"UUBDL1SPYZ • 8FCΞϓϦέʔγϣϯ੬ऑੑεΩϟφʔ ຊޠ൛ΞϦ㽂
8FC5FTUJOH&OWJSPONFOU • ओʹ08"41ͷΞϓϦέʔγϣϯηΩϡϦςΟπʔϧͱυΩϡϝ ϯτͷ٧Ί߹Θͤ -JOVYEJTU • 08"41ͷ֤छϓϩδΣΫτ – πʔϧυΩϡϝϯτ –
08"41Ҏ֎ͷ8FCΞϓϦέʔγϣϯηΩϡϦςΟπʔϧऩ • *407.XBSF 7JSUVBM#PY 1BSBMMFMTɺ-JOVYύοέʔδͳͲͷ ܗࣜͰఏڙ – چ08"41-JWF$%
085' • 085' 0GGFOTJWF8FC5FTUJOH'SBNFXPSL – ࣗಈஅπʔϧ – 08"415FTUJOH(VJEF 15&4 UIF1FOFUSBUJPO5FTUJOH&YFDVUJPO
4UBOEBSE /*45
08"41%FQFOEFODZ$IFDL • 8FCΞϓϦέʔγϣϯͷத͔Β੬ऑੑͷ͋ΔίϯϙʔωϯτΛ ൃݟ͢ΔεΩϟφʔ – +BWB /&5ʹରԠ • 3VCZ /PEFKT
1ZUIPO $$ ࢼݧతͳରԠ
08"414FDVSJUZ4IFQIFSE • 8FCͱϞόΠϧͷΞϓϦέʔγϣϯηΩϡϦςΟͷͨΊͷτ Ϩʔχϯάπʔϧ – ηΩϡϦςΟΛֶͿͨΊͷϋϯζΦϯڥ – $5'ϞʔυɺΦʔϓϯϑϩΞϞʔυɺτʔφϝϯτϞʔυͳͲΛඋ͑Δ • 5FBDIJOH5PPMGPS"MM"QQMJDBUJPO4FDVSJUZ
• 8FC"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • .PCJMF"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • 4BGF1MBZHSPVOEUP1SBDUJTF "QQ4FD 5FDIOJRVFT • 3FBM4FDVSJUZ3JTL&YBNQMFT
.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU • .PE4FDVSJUZ – 0QFO4PVSDF8FC"QQMJDBUJPO'JSFXBMM • .PE4FDVSJUZ Ͱ͑Δϧʔϧηοτ –
1SPUPDPM7BMJEBUJPO – .BMJDJPVT$MJFOU*EFOUJGJDBUJPO – (FOFSJD"UUBDL4JHOBUVSFT – ,OPXO7VMOFSBCJMJUJFT4JHOBUVSFT – 5SPKBO#BDLEPPS"DDFTT – 0VUCPVOE%BUB-FBLBHF – "OUJ7JSVTBOE%P4 VUJMJUZTDSJQUT
$43'(VBSE 1SPKFDU • ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ $43' ରࡦϥΠϒϥϦ
"QQ4FOTPS 1SPKFDU • ΞϓϦέʔγϣϯϨΠϠʔʹର͢Δ৵ೖݕͱࣗಈԠͷͨΊͷ ϑϨʔϜϫʔΫ – ΞϓϦέʔγϣϯʹޚΛ࣮͢Δ • ݕग़ –
Ҏ্ͷݕग़ϙΠϯτͰ߈ܸΛݕ • Ԡ – ߈ܸΛݕग़ͨ͠ޙͷΞΫγϣϯ – ϢʔβʔͷϩάΞτɺΞΧϯτϩοΫɺཧऀͷ௨ͳͲ • ΞϓϦέʔγϣϯͷޚ
"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE 1SPKFDU • "474 "QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE • ΞϓϦέʔγϣϯͷηΩϡϦςΟධՁͷͨΊͷݕࠪඪ४ – ࣗಈ·ͨखಈͷηΩϡϦςΟςετٴͼίʔυϨϏϡʔํࣜͷཁ݅
• -W0QQPSUVOJTUJD • -W4UBOEBSE • -W"EWBODFE ຊޠ൛ΞϦ㽂
4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM • 4".. 4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM ɿιϑτΣΞ ηΩϡϦςΟอোख़Ϟσϧ • ϦεΫʹ߹ΘͤͨιϑτΣΞηΩϡϦςΟઓུΛ࣮͢ΔͨΊ ͷϑϨʔϜϫʔΫ ຊޠ൛ΞϦ㽂
5FTUJOH(VJEF • 8FCαΠτʗΞϓϦέʔγϣϯͷςετΨΠυɺશϖʔδ ʢ7FSʣ • ֤੬ऑੑɺػೳผͷςετํ๏ – *OGPSNBUJPO(BUIFSJOH $POGJHVSBUJPO.BOBHFNFOU5FTUJOH
"VUIFOUJDBUJPO5FTUJOH 4FTTJPO.BOBHFNFOU "VUIPSJ[BUJPO 5FTUJOH #VTJOFTTMPHJDUFTUJOH %BUB7BMJEBUJPO5FTUJOH %P4 5FTUJOH 8FC4FSWJDFT5FTUJOH "+"95FTUJOH
8FCγεςϜʗ8FCΞϓϦέʔγϣϯ ηΩϡϦςΟཁ݅ॻ • 8FCγεςϜʗ8FCΞϓϦέʔγϣϯ։ൃͷͨΊͷཁ݅ఆٛॻ – ҰൠతʹΓࠐΉ͖ηΩϡϦςΟཁ݅ఆٛॻ – ։ൃݴޠϑϨʔϜϫʔΫʹґଘ͠ͳ͍ • 08"41+BQBOηΩϡϦςΟཁ݅ఆٛॻ8(
੬ऑੑஅ࢜εΩϧϚοϓϓϩδΣΫτ • ੬ऑੑஅΛߦ͏ݸਓͷٕज़తͳೳྗΛ۩ମతʹ͢Δ • ੬ऑੑஅΛߦ͏ٕज़ऀʢҎԼɺ੬ऑੑஅ࢜ʣͷεΩϧϚοϓ ͱֶशͷࢦͱͳΔγϥόεɺ੬ऑੑஅΛߦ͏ͨΊͷΨΠυϥ ΠϯͳͲΛඋ • *40(+ͱ08"41 +BQBOͷڞಉ8(
8FCΞϓϦέʔγϣϯ੬ऑੑஅΨΠυϥΠϯ • खಈஅิॿπʔϧΛͬͨ8FCΞϓϦέʔγϣϯ੬ऑੑஅ ʹ༻͢ΔΨΠυϥΠϯ – 42-J 944ͳͲͷ۩ମతͳஅύλʔϯ
੬ऑੑஅ ॳ৺ऀϋϯζΦϯτϨʔχϯά • ݄ ։࠵ • ืूਓ໊ <͢Ͱʹຬ੮> IUUQTQFOUFTUXFCDPOOQBTTDPNFWFOU
օ͞ΜͷڠྗͰΓཱ͍ͬͯ·͢ • ຊޠ൛͕ͳ͍ϓϩδΣΫτ͍͔ͭ͘ • ఀ͍ͯ͠ΔϓϩδΣΫτ͍͔ͭ͘ • ϘϥϯςΟΞͷྗΛඞཁͱ͍ͯ͠·͢
+PJOVT