Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OWT2017JP - OWASP Project Overview for Developers
Search
OWASP Japan
September 30, 2017
Technology
3.8k
11
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
OWT2017JP - OWASP Project Overview for Developers
#OWT2017JP
Opening Session by 上野宣, OWASP Japan
OWASP Japan
September 30, 2017
More Decks by OWASP Japan
See All by OWASP Japan
OWASP Night 2019.03 Tokyo
owaspjapan
0
400
OWASP SAMMを活用したセキュア開発の推進
owaspjapan
0
1.1k
20190107_AbuseCaseCheatSheet
owaspjapan
0
220
セキュリティ要求定義で使える非機能要求グレードとASVS
owaspjapan
5
1.2k
AWSクラスタに捧ぐウェブを衛っていく方法論と死なない程度の修羅場の価値
owaspjapan
9
3.5k
Shifting Left Like a Boss
owaspjapan
2
340
OWASP Top 10 and Your Web Apps
owaspjapan
2
430
OWASP Japan Proposal: Encouraging Japanese Translation
owaspjapan
1
300
elegance_of_OWASP_Top10_2017
owaspjapan
2
580
Other Decks in Technology
See All in Technology
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
130
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
250
Claude Codeとハーネスについて考えてみる
oikon48
17
8.2k
AI Agentをシステムに組み込む前にゆるく向き合ってみる
hayama17
0
200
AIをフル活用してオンコール機能のプロトタイプを2日で作った話 / Building an AI-Powered On-Call Prototype in Just Two Days
nari_ex
0
180
Claude Code 珍プレー好プレー
shinyasaita
0
200
ゼロをイチにする仕事が終わったあと
smasato
0
290
AWS Summit の片隅で、体育座りしながらコミュニティがにぎわう理由を考えた
k_adachi_01
2
350
Text-to-SQLをAgentCoreで実現し、生成されるSQLの精度を定量的に評価する
yakumo
2
540
NDIAS CTF 2026 問題解説会資料
bata_24
0
180
AWS Summit Japan 2026の振り返りと2027へ向けて / AWS Summit Japan 2026 Recap and Prospects for 2027
kaminashi
1
200
『AIに負けない』より『AIと遊ぶ』」〜ワクワクが最強のテスト・QA学習戦略_公開用
odan611
1
380
Featured
See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
3k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
180
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
1.5k
BBQ
matthewcrist
89
10k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.5k
Testing 201, or: Great Expectations
jmmastey
46
8.2k
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
1
370
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
210
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
200
A designer walks into a library…
pauljervisheath
211
24k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
141
35k
Transcript
08"41ͷา͖ํ 085 08"41+BQBO $IBQUFS-FBEFS 4FO6&/0 08"411SPKFDU0WFSWJFX GPS%FWFMPQFST
08"411SPKFDU
'MBHTIJQ1SPKFDUT • 5PPMT – 08"41;FE"UUBDL1SPYZ – 08"418FC5FTUJOH&OWJSPONFOU1SPKFDU – 08"41085' –
08"41%FQFOEFODZ$IFDL – 08"414FDVSJUZ4IFQIFSE</FX> • $PEF – 08"41.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU – 08"41$43'(VBSE 1SPKFDU – 08"41"QQ4FOTPS 1SPKFDU • %PDVNFOUBUJPO – 08"41"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE1SPKFDU – 08"414PGUXBSF"TTVSBODF.BUVSJUZ.PEFM 4".. – 08"41"QQ4FOTPS 1SPKFDU – 08"415PQ5FO1SPKFDU – 08"415FTUJOH(VJEF1SPKFDU IUUQTXXXPXBTQPSHJOEFYQIQ08"41@1SPKFDU@*OWFOUPSZ'MBHTIJQ@1SPKFDUT
08"415PQ3$ • 8FCΞϓϦέʔγϣϯ੬ऑੑτοϓ 3$3FKFDUFE ݄Լ०ϦϦʔε༧ఆ
08"415PQGPS ຊޠ൛ΞϦ㽂
;"1 • ;"1 ;FE"UUBDL1SPYZ • 8FCΞϓϦέʔγϣϯ੬ऑੑεΩϟφʔ ຊޠ൛ΞϦ㽂
8FC5FTUJOH&OWJSPONFOU • ओʹ08"41ͷΞϓϦέʔγϣϯηΩϡϦςΟπʔϧͱυΩϡϝ ϯτͷ٧Ί߹Θͤ -JOVYEJTU • 08"41ͷ֤छϓϩδΣΫτ – πʔϧυΩϡϝϯτ –
08"41Ҏ֎ͷ8FCΞϓϦέʔγϣϯηΩϡϦςΟπʔϧऩ • *407.XBSF 7JSUVBM#PY 1BSBMMFMTɺ-JOVYύοέʔδͳͲͷ ܗࣜͰఏڙ – چ08"41-JWF$%
085' • 085' 0GGFOTJWF8FC5FTUJOH'SBNFXPSL – ࣗಈஅπʔϧ – 08"415FTUJOH(VJEF 15&4 UIF1FOFUSBUJPO5FTUJOH&YFDVUJPO
4UBOEBSE /*45
08"41%FQFOEFODZ$IFDL • 8FCΞϓϦέʔγϣϯͷத͔Β੬ऑੑͷ͋ΔίϯϙʔωϯτΛ ൃݟ͢ΔεΩϟφʔ – +BWB /&5ʹରԠ • 3VCZ /PEFKT
1ZUIPO $$ ࢼݧతͳରԠ
08"414FDVSJUZ4IFQIFSE • 8FCͱϞόΠϧͷΞϓϦέʔγϣϯηΩϡϦςΟͷͨΊͷτ Ϩʔχϯάπʔϧ – ηΩϡϦςΟΛֶͿͨΊͷϋϯζΦϯڥ – $5'ϞʔυɺΦʔϓϯϑϩΞϞʔυɺτʔφϝϯτϞʔυͳͲΛඋ͑Δ • 5FBDIJOH5PPMGPS"MM"QQMJDBUJPO4FDVSJUZ
• 8FC"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • .PCJMF"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • 4BGF1MBZHSPVOEUP1SBDUJTF "QQ4FD 5FDIOJRVFT • 3FBM4FDVSJUZ3JTL&YBNQMFT
.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU • .PE4FDVSJUZ – 0QFO4PVSDF8FC"QQMJDBUJPO'JSFXBMM • .PE4FDVSJUZ Ͱ͑Δϧʔϧηοτ –
1SPUPDPM7BMJEBUJPO – .BMJDJPVT$MJFOU*EFOUJGJDBUJPO – (FOFSJD"UUBDL4JHOBUVSFT – ,OPXO7VMOFSBCJMJUJFT4JHOBUVSFT – 5SPKBO#BDLEPPS"DDFTT – 0VUCPVOE%BUB-FBLBHF – "OUJ7JSVTBOE%P4 VUJMJUZTDSJQUT
$43'(VBSE 1SPKFDU • ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ $43' ରࡦϥΠϒϥϦ
"QQ4FOTPS 1SPKFDU • ΞϓϦέʔγϣϯϨΠϠʔʹର͢Δ৵ೖݕͱࣗಈԠͷͨΊͷ ϑϨʔϜϫʔΫ – ΞϓϦέʔγϣϯʹޚΛ࣮͢Δ • ݕग़ –
Ҏ্ͷݕग़ϙΠϯτͰ߈ܸΛݕ • Ԡ – ߈ܸΛݕग़ͨ͠ޙͷΞΫγϣϯ – ϢʔβʔͷϩάΞτɺΞΧϯτϩοΫɺཧऀͷ௨ͳͲ • ΞϓϦέʔγϣϯͷޚ
"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE 1SPKFDU • "474 "QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE • ΞϓϦέʔγϣϯͷηΩϡϦςΟධՁͷͨΊͷݕࠪඪ४ – ࣗಈ·ͨखಈͷηΩϡϦςΟςετٴͼίʔυϨϏϡʔํࣜͷཁ݅
• -W0QQPSUVOJTUJD • -W4UBOEBSE • -W"EWBODFE ຊޠ൛ΞϦ㽂
4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM • 4".. 4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM ɿιϑτΣΞ ηΩϡϦςΟอোख़Ϟσϧ • ϦεΫʹ߹ΘͤͨιϑτΣΞηΩϡϦςΟઓུΛ࣮͢ΔͨΊ ͷϑϨʔϜϫʔΫ ຊޠ൛ΞϦ㽂
5FTUJOH(VJEF • 8FCαΠτʗΞϓϦέʔγϣϯͷςετΨΠυɺશϖʔδ ʢ7FSʣ • ֤੬ऑੑɺػೳผͷςετํ๏ – *OGPSNBUJPO(BUIFSJOH $POGJHVSBUJPO.BOBHFNFOU5FTUJOH
"VUIFOUJDBUJPO5FTUJOH 4FTTJPO.BOBHFNFOU "VUIPSJ[BUJPO 5FTUJOH #VTJOFTTMPHJDUFTUJOH %BUB7BMJEBUJPO5FTUJOH %P4 5FTUJOH 8FC4FSWJDFT5FTUJOH "+"95FTUJOH
8FCγεςϜʗ8FCΞϓϦέʔγϣϯ ηΩϡϦςΟཁ݅ॻ • 8FCγεςϜʗ8FCΞϓϦέʔγϣϯ։ൃͷͨΊͷཁ݅ఆٛॻ – ҰൠతʹΓࠐΉ͖ηΩϡϦςΟཁ݅ఆٛॻ – ։ൃݴޠϑϨʔϜϫʔΫʹґଘ͠ͳ͍ • 08"41+BQBOηΩϡϦςΟཁ݅ఆٛॻ8(
੬ऑੑஅ࢜εΩϧϚοϓϓϩδΣΫτ • ੬ऑੑஅΛߦ͏ݸਓͷٕज़తͳೳྗΛ۩ମతʹ͢Δ • ੬ऑੑஅΛߦ͏ٕज़ऀʢҎԼɺ੬ऑੑஅ࢜ʣͷεΩϧϚοϓ ͱֶशͷࢦͱͳΔγϥόεɺ੬ऑੑஅΛߦ͏ͨΊͷΨΠυϥ ΠϯͳͲΛඋ • *40(+ͱ08"41 +BQBOͷڞಉ8(
8FCΞϓϦέʔγϣϯ੬ऑੑஅΨΠυϥΠϯ • खಈஅิॿπʔϧΛͬͨ8FCΞϓϦέʔγϣϯ੬ऑੑஅ ʹ༻͢ΔΨΠυϥΠϯ – 42-J 944ͳͲͷ۩ମతͳஅύλʔϯ
੬ऑੑஅ ॳ৺ऀϋϯζΦϯτϨʔχϯά • ݄ ։࠵ • ืूਓ໊ <͢Ͱʹຬ੮> IUUQTQFOUFTUXFCDPOOQBTTDPNFWFOU
օ͞ΜͷڠྗͰΓཱ͍ͬͯ·͢ • ຊޠ൛͕ͳ͍ϓϩδΣΫτ͍͔ͭ͘ • ఀ͍ͯ͠ΔϓϩδΣΫτ͍͔ͭ͘ • ϘϥϯςΟΞͷྗΛඞཁͱ͍ͯ͠·͢
+PJOVT