cloudpack flow Deep Security operation TIPS The meaning of tuning telling you softly 

cloudpack ྲྀ Deep Security ͷӡ༻ TIPS νϡʔχϯάͷۃҙΛͦͬͱ͋ͳͨʹ 

Who am I ? • ٢ాͻΖ͔ͣ ( hirokazu yoshida )
 Security Engineer at cloudpack http://qiita.com/fnifni 

607 

ਪ঑ઃఆͷݕࡧͰ͸ ਪ঑͞ΕΔ͜ͱ͕ͳ͍ϧʔϧୡ͕ ͋Γ·͢ 

୅දతͳਪ঑͞ΕΔ͜ͱ͕ͳ͍ϧʔϧୡ • 1000608 - Generic SQL Injection Prevention • 1000552 - Generic Cross Site Scripting(XSS) Prevention 

͜ͷϧʔϧͬͯDSͷWAFػೳͰ͠ΐʁ ͳΜͰਪ঑͞Εͳ͍ͷʁ 

ͩͬͯνϡʔχϯάେม͡ΌΜ ʢதͷਓஊʣ 

ͦΜͳΘ͚Ͱ νϡʔχϯάϙΠϯτΛ঺հ 

ϧʔϧͷੑ࣭Λ஌Δ 

ϧʔϧͷಛੑΛ஌Δ • 1000608
 Generic SQL Injection Prevention SQL ΠϯδΣΫγϣϯ߈ܸͰ Α͘࢖ΘΕΔจࣈɾه߸Λ ݕ஌͢Δϧʔϧ 

ϧʔϧͷಛੑΛ஌Δ • 1000552
 Generic Cross Site Scripting(XSS)
 Prevention XSS߈ܸͰ Α͘࢖ΘΕΔจࣈɾه߸Λ ݕ஌͢Δϧʔϧ 

߈ܸ௨৴ͱਖ਼ৗ௨৴ͷݟۃΊ 

߈ܸ௨৴Λݕ஌ͨ͠έʔε GET /index.htm?mode=pc'+ORDEr+By+999+--+; HTTP/1.1 GET /?1=@ini_set(\"display_errors\", \"0\");@set_time_limit(0);@set_magic_quotes_runtime(0);echo '->|';file_put_contents(dirname(['SCRIPT_FILENAME']).'/cache/ cachee.php','');echo '|<-'; HTTP/1.1" 

ਖ਼ৗ௨৴Λݕ஌ͨ͠έʔε token=uzWoZpwAFsGfXcosY86KcfWLGnMuNIonRM1+zorRM RHrRj8S2D4LbIztTXa58mT90g8U+3YnfFnEA6PNY2xLHg= token=uzWoZpwAFsGfXcosY86KcfWLGnMuNIonRM1%2Bzor RMRHrRj8S2D4LbIztTXa58mT90g8U %2B3YnfFnEA6PNY2xLHg%3D 

Ͱ͸͜Ε͸ʁ POST /system/page/setting_tag HTTP/1.1 _method=POST&data[CompanyMaterial] [all_pages_tag]=\r\n\tconsole.log('hoge');\r\n</ script>&data[CompanyMaterial][entry_complete_tag]= 

ਖ਼ৗΛ஌Βͳ͍ͱ ҟৗΛ஌Δ͜ͱ͸Ͱ͖·ͤΜ 

γεςϜ͸ੜ͖෺ γεςϜͷݸੑΛ஌Γ ೔ʑͷӡ༻Ͱݕ஌܏޲Λ஌Δ͜ͱ͕ νϡʔχϯάͷۃҙ 

Thank you !