What is OWASP 20160319InnovationEGG7th

Transcript

1. OWASPͷา͖ํ Innovation EGG ୈ7ճ LT Edition

2. ΢ΣϒΛऔΓר͘໰୊Λղܾ͢ΔͨΊͷࠃࡍతͳΦʔϓϯίϛϡχςΟ

3. ೔ຊͰOWASPνϟϓλʔͷઃཱ͕ྲྀߦΔ ࠷ۙɺ2ڌ఺௥ՃͱͳΓ·ͨ͠ɻ Fukushima Okinawa https://www.owasp.org/index.php/Japan

4. ͦΜͳதݱࡏ೔ຊྻౡɺɺɺ

5. ΠϯϑϧΤϯβͷରࡦ͸͞·͟· جຊతͳ ͏͕͍ɾखચ͍ පӃͰͷ ௨Ӄɾ༧๷ઁऔ ϚεΫͷ ண༻

6. ͦΕͰ΋͔͔Δͱ͖͸͔͔Δ

7. γεςϜ΋ಉ͡ʂͲΜͳରࡦΛ͍ͯͯ͠΋μ΢ϯ͢Δͱ͖͸μ΢ϯ͢Δ

8. ͱ͜ΖͰɺɺɺɺීஈ͔ΒΠϯϑϧΤϯβରࡦ͸౰ͨΓલʹ΍͍ͬͯΔɻ جຊతͳ ͏͕͍ɾखચ͍ පӃͰͷ ௨Ӄɾ༧๷ઁऔ ϚεΫͷ ண༻

9. ͍ͬΆ͏ͦͷ͜ΖɺɺɺγεςϜ͸Ͳ͏͔ɻɻɻ

10. ૬ख͸͕࣌ؒ͋Γɺ޼ົͳ߈ܸΛ͔͚ͯ͘͠Δ΍ͭΒ

11. γεςϜ΋ಉ͡ʂηΩϡϦςΟରࡦΛ౰ͨΓલʹ͍ͯ͜͠͏

12. Ͳ͏౰ͨΓલʹ͢Ε͹Α͍͔ɻOWASPͷπʔϧͰ֬ೝͯ͠ΈΑ͏

13. ηΩϡϦςΟରࡦͷجຊతͳཧղʹ͸OWASPͷυΩϡϝϯτΛݟΑ͏! جຊతͳ ͏͕͍ɾखચ͍ පӃͰͷ ௨Ӄɾ༧๷ઁऔ ϚεΫͷ ண༻

14. OWASP Top 10Ͱओཁͳ੬ऑੑͱͦͷରࡦΛཧղ! ࠷ۙɺMobile Top10 2016ӳޠ൛Ͱ·ͨ͠ɻ https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10

15. ηΩϡϦςΟରࡦΛޮ཰తʹߦ͏ʹ͸OWASPͷπʔϧΛ࢖͓͏! جຊతͳ ͏͕͍ɾखચ͍ පӃͰͷ ௨Ӄɾ༧๷ઁऔ ϚεΫͷ ண༻

16. OWASP ZAPʹΑΓϫϯΫϦοΫͰ؆୯ʹ੬ऑੑΛνΣοΫ!

17. ͦͷଞπʔϧ ① 要件定義 OWASP ASVS（Application Security Verification Standard ） Web

    システム／Web アプリケーションセキュリティ要件書 ② 設計・開発 OWASP Cheat Sheet Series OWASP Proactive Controls ③ テスト・導⼊ OWASP ZAP（Zed Attack Proxy） OWASP Testing Guide ④ 運⽤・保守 OWASP AppSensor OWASP Dependency Check ⑤ 知識 OWASP Top10 / Mobile Top10 / IoT Top 10 OWASP Snakes and Ladders

18. OWASP Cheer Sheet Series

19. ηΩϡϦςΟରࡦΛֶͿͳΒOWASPφΠτʹࢀՃ͠Α͏! جຊతͳ ͏͕͍ɾखચ͍ පӃͰͷ ௨Ӄɾ༧๷ઁऔ ϚεΫͷ ண༻

20. 3ϲ݄ʹ1౓ͷOWASPφΠτͰ΢ΣϒηΩϡϦςΟͷ࠷৽ٕज़Λٵऩ!

21. OWASP Kansaiษڧձ΋͋Γ·͢ɻ

22. ʲࠂ஌ʳ4/2ʢ౔ʣʹԭೄͷࠃࡍిࢠϏδωεઐ໳ֶߍͰOWASP Night Okinawa #1։࠵! https://owasp-okinawa.doorkeeper.jp/events/41031

23. ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ ΢ΣϒΛ͔ͨ͠ͳ΋ͷʹ