Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Web Application Hardening (Boot Camp 2019) Day ...

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Recruit Technologies Recruit Technologies
June 24, 2019
Technology
0
44k

Web Application Hardening (Boot Camp 2019) Day 2 環境編

2019年度リクルート新人ブートキャンプ エンジニアコースの講義資料です

Avatar for Recruit Technologies

Recruit Technologies

June 24, 2019
Tweet

More Decks by Recruit Technologies

See All by Recruit Technologies
障害はチャンスだ! 障害を前向きに捉える
Avatar for Recruit Technologies rtechkouhou
1
760
Flutter移行の苦労と、乗り越えた先に得られたもの
Avatar for Recruit Technologies rtechkouhou
3
12k
ここ数年間のタウンワークiOSアプリのエンジニアのチャレンジ
Avatar for Recruit Technologies rtechkouhou
1
1.6k
大規模環境をAWS Transit Gatewayで設計/移行する前に考える3つのポイントと移行への挑戦
Avatar for Recruit Technologies rtechkouhou
1
2k
【61期 新人BootCamp】TOC入門
Avatar for Recruit Technologies rtechkouhou
3
42k
【RTC新人研修 】 TPS
Avatar for Recruit Technologies rtechkouhou
1
41k
Android Boot Camp 2020
Avatar for Recruit Technologies rtechkouhou
0
41k
HTML/CSS
Avatar for Recruit Technologies rtechkouhou
10
51k
TypeScript Bootcamp 2020
Avatar for Recruit Technologies rtechkouhou
9
46k

Other Decks in Technology

See All in Technology
Claude Code のコード品質がばらつくので AI に品質保証させる仕組みを作った話 / A story about building a mechanism to have AI ensure quality, because the code quality from Claude Code was inconsistent
Avatar for nrs nrslib
12
5.5k
EMからICへ、二周目人材としてAI全振りのプロダクト開発で見つけた武器
Avatar for Yuji Yamaguchi yug1224
5
530
[JAWSDAYS2026][D8]その起票、愛が足りてますか?AWSサポートを味方につける、技術的「ラブレター」の書き方
Avatar for hirosys hirosys_
3
120
Yahoo!ショッピングのレコメンデーション・システムにおけるML実践の一例 
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
190
AIエージェント、 社内展開の前に知っておきたいこと
Avatar for oracle4engineer oracle4engineer
PRO
2
100
8万デプロイ
Avatar for iwamot iwamot
PRO
2
230
EMからVPoEを経てCTOへ:マネジメントキャリアパスにおける葛藤と成長
Avatar for KAKEHASHI kakehashi
PRO
9
1.6k
IBM Bobを使って、PostgreSQLのToDoアプリをDb2へ変換してみよう/202603_Dojo_Bob
Avatar for Mayumi Hirano mayumihirano
1
300
製造業ドメインにおける LLMプロダクト構築: 複雑な文脈へのアプローチ
Avatar for recruiting@caddi.jp caddi_eng
1
550
AIエージェント時代に備える AWS Organizations とアカウント設計
Avatar for Hajime KOSHIRO kossykinto
3
730
マルチプレーンGPUネットワークを実現するシャッフルアーキテクチャの整理と考察
Avatar for Masayuki Kobayashi markunet
2
230
複数クラスタ運用と検索の高度化:ビズリーチにおけるElastic活用事例 / ElasticON Tokyo2026
Avatar for Visional Engineering & Design visional_engineering_and_design
0
130

Featured

See All Featured
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
Avatar for Mine Cetinkaya-Rundel minecr
1
190
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.7k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
61
52k
Between Models and Reality
Avatar for mayunak mayunak
2
230
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
61k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
Technical Leadership for Architectural Decision Making
Avatar for Kenny Baas-Schwegler baasie
3
280
New Earth Scene 8
Avatar for Sydney Stone popppiees
1
1.7k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.2k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
290
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
0
270

Transcript

  1. 8FC"QQMJDBUJPO)BSEFOJOH #PPU$BNQ %BZ؀ڥฤ גࣜձࣾϦΫϧʔτςΫϊϩδʔζ ϓϩμΫςΟϏςΟΤϯδχΞϦϯά෦ ϓϥοτϑΥʔϜηΩϡϦςΟάϧʔϓ ฏদ ߞี ੢ଜ फߊ

  2.  ԋशͷ؀ڥ

  3. 1SPKFDUSUDCPPUDBNQTFDVSJUZB  νʔϜ" νʔϜ# νʔϜ$ νʔϜ% 1SPKFDUSUDCPPUDBNQTFDVSJUZC 1SPKFDUSUDCPPUDBNQTFDVSJUZD 1SPKFDUSUDCPPUDBNQTFDVSJUZE $MPVE4PVSDF

    3FQPTJUPSJFT $MPVE#VJME $POUBJOFS 3FHJTUSZ $PNQVUF &OHJOF σϓϩΠ ߨࢣ ࣗಈ Ϗϧυ ίϯςφ ֨ೲ HJUQVTI 5$1ʹ߈ܸ

  4. 1SPKFDUSUDCPPUDBNQTFDVSJUZB  νʔϜ" νʔϜ# νʔϜ$ νʔϜ% 1SPKFDUSUDCPPUDBNQTFDVSJUZC 1SPKFDUSUDCPPUDBNQTFDVSJUZD 1SPKFDUSUDCPPUDBNQTFDVSJUZE $MPVE4PVSDF

    3FQPTJUPSJFT $MPVE#VJME $POUBJOFS 3FHJTUSZ $PNQVUF &OHJOF σϓϩΠ 5$1ʹ߈ܸ ߨࢣ ࣗಈ Ϗϧυ ίϯςφ ֨ೲ HJUQVTI ʜࣗಈతʹΠϝʔδ͕Ϗϧυ ͞Εɺ($&Πϯελϯε΁ ίϯςφ͕σϓϩΠ͞ΕΔʂ HJUͰϦϙδτϦͷ NBTUFSϒϥϯν΁ ίϛοτΛQVTI͢Δͱʜ

  5.  σϓϩΠ·Ͱͷखॱ

  6.  - $ - - -- ͜Ε͸"νʔϜͷ৔߹ खॱ($1ϓϩδΣΫτͷ੾Γସ͑ • HDMPVEίϚϯυΛ࢖༻ͯ͠σϑΥϧτϓϩδΣΫτΛࣗνʔϜͷϓϩ

    δΣΫτʹมߋ͠·͢ • ϓϩδΣΫτ໊຤ඌͷΞϧϑΝϕοτΛࣗ෼ͷνʔϜͷ΋ͷʹมߋͯͩ͘͠ ͍͞ • ͜ͷखॱ͸࠷ॳʹ౓͚ͩߦ͑͹0,Ͱ͢

  7.  खॱ$MPVE4PVSDF3FQPTJUPSZ͔ΒιʔείʔυΛऔಘ 2 0 2 0 01 • $43্ͷϦϙδτϦҰཡΛ֬ೝ͠·͢ •

    CBETOT͕ຊԋश༻ϦϙδτϦ • ϦϙδτϦΛΫϩʔϯ͠·͢ • ιʔείʔυͷฤू • ͓޷ΈͷΤσΟλͰฤू͍ͯͩ͘͠͞ • (JUίϚϯυͰιʔείʔυΛ؅ཧͰ͖·͢ • $43͸(JU)VCͷ($1൛ͷΑ͏ͳ΋ͷͰ͢ɻࣗ༝ʹϒϥϯν੾ͬͨΓͯ͠0,Ͱ͢ 2 0 2 0 $ 0 0

  8.  खॱΞϓϦͷσϓϩΠ • (JUίϚϯυΛ࢖ͬͯ$43ͷNBTUFSϒϥϯν΁QVTI͢Ε͹ࣗಈతʹ($& Πϯελϯε΁ίϯςφ͕σϓϩΠ͞Ε·͢ • σϓϩΠʹ͔͔Δ࣌ؒ͸Ϗϧυ࣌ʹͲΕ͚ͩΩϟογϡΛޮ͔ͤΒΕΔ ͔ʹΑͬͯҟͳΓ·͢ • ໨҆

    • ιʔείʔυͷΈͷมߋʙ෼ఔ౓ • (FNGJMFͷมߋ෼ఔ౓ • BQUHFUपΓͷมߋ෼ఔ౓ • ϕʔεΠϝʔδͷมߋ෼ఔ౓ - $ -

  9.  खॱ($&ΠϯελϯεΛ֬ೝ • ($&ΠϯελϯεͷҰཡΛ֬ೝ͠·͢ • CBETOTWN͕ຊԋश༻Πϯελϯε • CBETOTWNͷ&95&3/"-@*1Λ63-ͱͯ͠ϒϥ΢βʹೖྗ͠ɺࣗνʔϜ ͷ#BE4/4΁ΞΫηε͢Ε͹σϓϩΠ͞ΕͨΞϓϦΛ֬ೝͰ͖·͢ •

    . • ϒϥ΢βͰ($1ίϯιʔϧ͔ΒΞΫηε͢Ε͹44)Ͱ௚઀தʹೖΔ͜ͱ ΋Ͱ͖·͢ • ./ $ / $ $ $ . / $ / $ $ . / $ / /

  10.  5JQT$POUBJOFS3FHJTUSZ͔Β%PDLFSΠϝʔδΛऔಘ - 1 9 9 . /-9 0 •

    %PDLFSʹ($1ೝূઃఆΛ௥Ճ͠·͢ • $3্ͷ%PDLFSΠϝʔδҰཡΛ֬ೝ͠·͢ • HDSJPSUDCPPUDBNQTFDVSJUZ CBETOT͕ຊԋशͷΠϝʔδ • %PDLFSΠϝʔδΛQVMM͠·͢ - 1 9 / /2 - 1/ 0 911 - / 2 9 / $

  11.  5JQTϩʔΧϧͰͷΠϝʔδϏϧυˍಈ࡞֬ೝ • ιʔείʔυΛมߋͨ͠ΒσϓϩΠ͢ΔલʹϩʔΧϧͰಈ࡞֬ೝΛߦ͏͜ͱ Λڧ͘ਪ঑͠·͢ʂ • ιʔείʔυมߋޙɺEPDLFSίϚϯυͰΠϝʔδΛϏϧυ͠ͳ͓͠ɺίϯς φΛ࡞Γ௚ͤ͹σϓϩΠ͞ΕΔίϯςφͱಉ͡ঢ়ଶͰಈ࡞͕֬ೝͰ͖·͢ • ίϯςφͷىಈ΍ऴྃͳͲ͸ݕࠪͷࡍͱಉ༷Ͱ͢ʢΠϝʔδ໊Ҏ֎ʣ

    $ 0- 9/1 8 . / 8 8 2 - 9 /8 $ 0- 9 /:/1-.- 2 $ 2- $ . / 8 8 2 - 9 /8 $

  12.  ԋशͷਐΊํ

  13. ԋशʹ͍ͭͯ • νʔϜԋश • νʔϜͰڠྗͯ͠੬ऑੑΛमਖ਼͠ɺΞϓϦέʔγϣϯΛ ($&ΠϯελϯεʹσϓϩΠ͍ͯͩ͘͠͞ • ߨࢣਞ͕ॱ࣍($&Πϯελϯεʹ߈ܸΛ࢓ֻ͚ɺमਖ਼ঢ় گΛνΣοΫ͍͖ͯ͠·͢ •

    ٳܜ͸֤νʔϜͰࣗ༝ͳ࣌ؒʹऔͬͯ΋Βͬͯ0,Ͱ͢ • ੬ऑੑɾରࡦͷղઆ • ܭݸͷ੬ऑੑʹ͍ͭͯɺ۩ମతͳ߈ܸํ๏ͱରࡦํ๏ ͷղઆΛߦ͍·͢ 3 1 0 3 1  

  14.  είΞγʔτʹ͍ͭͯ • ֤νʔϜͷਐ௙ঢ়گΛϦΞϧλΠϜ࠾఺͠ ·͢ • ֤੬ऑੑʹ͍ͭͯɺ໰୊ͳ͘मਖ਼͞Ε͍ͯ ͨΒ఺ɺमਖ਼͞Ε͍ͯΔ͕ෆ׬શͳ৔߹͸ ఺ɺ੬ऑͳ··ͷ৔߹͸఺ͱͯ͠Χ΢ϯ τ

    • ߨࢣਞ͸$43্ͷιʔείʔυͱ($&Πϯ ελϯεͷಈ࡞Λݩʹɺख࡞ۀͱ໨ࢹͰॱ ࣍࠾఺͍͖ͯ͠·͢ɻ൓ө·Ͱϥά͕͋Γ ·͕͓͢ڐ͍ͩ͘͠͞

  15.  मਖ਼࣌ͷ஫ҙ఺ • 8FCΞϓϦͷػೳ͕ݩͷ௨Γਖ਼ৗʹಈ࡞͢ΔΑ͏ʹ͍ͯͩ͘͠͞ • ਖ਼ৗʹಈ࡞͍ͯ͠ͳ͍ػೳ͸੬ऑੑ͕௚͍ͬͯͳ͍΋ͷͱΈͳ͠·͢ • %#ͷॳظσʔλ͸ফ͞ͳ͍Ͱ͍ͩ͘͞ • ࠾఺࣌ʹ͸ݩʑొ࿥͞Ε͍ͯΔϢʔβͱͯ͠ϩάΠϯ͠ɺݕࠪΛߦ͏ͨΊɺϩά

    ΠϯͰ͖ͳ͍৔߹ʹ͸είΞͷߋ৽͕ࢭ·Γ·͢ • %#ʹؔ͢ΔมߋΛߦ͏৔߹͸੔߹ੑ͕յΕͳ͍Α͏ʹ஫ҙ͍ͯͩ͘͠͞ • *%OJTIJNVOFB 18ͰϩάΠϯͰ͖ͳ͍৔߹͸Կ͔͕ؒҧ͍ͬͯ·͢

  16.  આ໌͸Ҏ্Ͱ͢ ԋशɺؤு͍ͬͯͩ͘͞ʂ