«Свой среди чужих», Антон Лопаницын

Видео https://www.youtube.com/watch?v=JC8hwr9ILQw

Встреча Московского отделения OWASP, 6.12.2019 (https://www.meetup.com/OWASP-Moscow/events/266925142/)

OWASP Moscow

December 06, 2019

More Decks by OWASP Moscow

See All by OWASP Moscow

"Evolution of Application Security Programs through OWASP SAMM 2.0", Yan Kravchenko

0

620

«Проекты OWASP: SAMM выпуск 2», Тарас Иващенко, OZON

0

730

«Типичные ошибки реализации SMS-аутентификации», Ramazan (r0hack), DETEACT

0

1k

«Dev, Sec, Oops: How Agile Security increases Attack Surface», Денис Макрушин

0

730

«From captcha to RCE. Сложности реализации механизма CAPTCHA в изолированных системах», Виталий Малкин

0

600

«OWASP Сheat Sheet Series. Microservices-based security architecture documentation», Александр Барабанов

0

650

«Проекты OWASP: следим за безопасностью 3rd-party-компонент с помощью Dependency Track», Тарас Иващенко, OZON.

0

650

«Будущее без паролей: про FIDO2/WebAuthN и не только», Сергей Белов, Mail.Ru Group.

0

600

«CTFZone, или как перестать ресёрчить и полюбить CTF», Никита Вдовушкин, BI.ZONE.

1

590

Other Decks in Programming

See All in Programming

TSKaigi 2026 TypeScriptバックエンドのオブザーバビリティ戦略 — Datadog × NestJSの実践

taiseiyamamotoan

1

200

新規プロダクトを高速で生み出すハーネスエンジニアリング

8

2.7k

Augmenting AI with the Power of Jakarta EE

0

260

AI 時代のソフトウェア設計の学び方

PRO

28

10k

JavaDoc 再入門

0

160

Oxcを導入して開発体験が向上した話

4

180

自動レビューエンジンの実装と運用 ~レビューのない世界へ~

2

270

脅威をエンジニアリングの糧にして――現場編 / Turning Threats into Engineering Fuel — Field Edition

0

190

These Five Tricks Can Make Your Apps Greener, Cheaper, & Nicer

0

220

色即是空、空即是色、データサイエンス

1

200

Why Laravel apps break—Mastering the fundamentals to keep them maintainable

1

300

AIエージェントの隔離技術の徹底比較

0

430

Featured

See All Featured

Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge

0

300

The Cost Of JavaScript in 2023

55

9.9k

Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)

0

430

How to Ace a Technical Interview

281

24k

Un-Boring Meetings

0

300

Optimising Largest Contentful Paint

37

3.7k

Imperfection Machines: The Place of Print at Facebook

270

14k

Sam Torres - BigQuery for SEOs

PRO

0

270

Visual Storytelling: How to be a Superhuman Communicator

2

540

A brief & incomplete history of  UX Design for the World Wide Web: 1989–2019

2

380

Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS

0

370

Applied NLP in the Age of Generative AI

PRO

4

2.3k

Transcript

Свой среди чужих Чужие среди своих
Reverse Proxy
None
X-Forwarded-For: <client>, <proxy> X-Forwarded-For: <fake>, <client>, <proxy>
HTTP-request GET / HTTP/1.1  Host: admin.my.site  Connection: close GET /
HTTP/1.1  Host: admin.my.site  X-Forwarded-For: 123.123.123.123, 192.168.1.1  Connection: close X-Forwarded-For: <client>, <proxy>
XFF/XRI Spooﬁng GET / HTTP/1.1  Host: admin.my.site X-Forwarded-For: 127.0.0.1  Connection:
close GET / HTTP/1.1  Host: admin.my.site  X-Forwarded-For: 127.0.0.1, 123.123.123.123, 192.168.1.1  Connection: close X-Forwarded-For: <fake>, <client>, <proxy>
HTTP-request GET / HTTP/1.1\r\n  Host: admin.my.site\r\n  X-Forwarded-For: 127.0.0.1\r\n  Connection: close\r\n
\r\n X-Forwarded-For: <fake>, <client>, <proxy>
HTTP-request with 0d GET / HTTP/1.1\r\n  Host: admin.my.site\r\n  X-Forwarded-For: 127.0.0.1\r\r\n 
Connection: close\r\n \r\n X-Forwarded-For: <fake>\r, <client>, <proxy>
XFF/XRI Spooﬁng+ GET / HTTP/1.1\r\n  Host: admin.my.site\r\n  X-Forwarded-For: 127.0.0.1\r\r\n  Connection:
close\r\n \r\n GET / HTTP/1.1  Host: admin.my.site  X-Forwarded-For: 127.0.0.1 , 123.123.123.123, 192.168.1.1  Connection: close X-Forwarded-For: <fake> , <client>, <proxy> Tomcat? WebSphere?
Twi: @i_bo0om Site: bo0om.ru Telegram: @webpwn