Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Web Application Hardening (Boot Camp 2019) Day ...

Avatar for Recruit Technologies Recruit Technologies
June 24, 2019
Technology
0
44k

Web Application Hardening (Boot Camp 2019) Day 2 環境編

2019年度リクルート新人ブートキャンプ エンジニアコースの講義資料です

Avatar for Recruit Technologies

Recruit Technologies

June 24, 2019
Tweet

More Decks by Recruit Technologies

See All by Recruit Technologies
障害はチャンスだ! 障害を前向きに捉える
Avatar for Recruit Technologies rtechkouhou
1
730
Flutter移行の苦労と、乗り越えた先に得られたもの
Avatar for Recruit Technologies rtechkouhou
3
12k
ここ数年間のタウンワークiOSアプリのエンジニアのチャレンジ
Avatar for Recruit Technologies rtechkouhou
1
1.6k
大規模環境をAWS Transit Gatewayで設計/移行する前に考える3つのポイントと移行への挑戦
Avatar for Recruit Technologies rtechkouhou
1
1.9k
【61期 新人BootCamp】TOC入門
Avatar for Recruit Technologies rtechkouhou
3
42k
【RTC新人研修 】 TPS
Avatar for Recruit Technologies rtechkouhou
1
41k
Android Boot Camp 2020
Avatar for Recruit Technologies rtechkouhou
0
41k
HTML/CSS
Avatar for Recruit Technologies rtechkouhou
10
51k
TypeScript Bootcamp 2020
Avatar for Recruit Technologies rtechkouhou
9
46k

Other Decks in Technology

See All in Technology
ESXi のAIOps だ!2025冬
Avatar for Unno Wataru unnowataru
0
400
SQLだけでマイグレーションしたい!
Avatar for MakKi makki_d
0
1.2k
"人"が頑張るAI駆動開発
Avatar for yoko yokomachi
1
630
なぜ あなたはそんなに re:Invent に行くのか?
Avatar for Kazuki Miura miu_crescent
PRO
0
220
100以上の新規コネクタ提供を可能にしたアーキテクチャ
Avatar for yu-kioo ooyukioo
0
270
アラフォーおじさん、はじめてre:Inventに行く / A 40-Something Guy’s First re:Invent Adventure
Avatar for 株式会社カミナシ kaminashi
0
170
Building Serverless AI Memory with Mastra × AWS
Avatar for vvatanabe vvatanabe
0
620
投資戦略を量産せよ 2 - マケデコセミナー(2025/12/26)
Avatar for tomo gamella
0
470
ハッカソンから社内プロダクトへ AIエージェント ko☆shi 開発で学んだ4つの重要要素
Avatar for Tech Leverages leveragestech
0
270
さくらのクラウド開発ふりかえり2025
Avatar for kazeburo kazeburo
2
1.2k
アプリにAIを正しく組み込むための アーキテクチャ── 国産LLMの現実と実践
Avatar for Yasushi Taki kohju
0
240
株式会社ビザスク_AI__Engineering_Summit_Tokyo_2025_登壇資料.pdf
Avatar for VISASQ eikohashiba
1
120

Featured

See All Featured
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
29
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
10
760
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
0
1.8k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
130
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
Avatar for Andy Polaine apolaine
0
130
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
77
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.9k
WCS-LA-2024
Avatar for Leonardo Collado-Torres lcolladotor
0
390
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
273
21k
sira's awesome portfolio website redesign presentation
Avatar for ElsiraPls elsirapls
0
91

Transcript

  1. 8FC"QQMJDBUJPO)BSEFOJOH #PPU$BNQ %BZ؀ڥฤ גࣜձࣾϦΫϧʔτςΫϊϩδʔζ ϓϩμΫςΟϏςΟΤϯδχΞϦϯά෦ ϓϥοτϑΥʔϜηΩϡϦςΟάϧʔϓ ฏদ ߞี ੢ଜ फߊ

  2.  ԋशͷ؀ڥ

  3. 1SPKFDUSUDCPPUDBNQTFDVSJUZB  νʔϜ" νʔϜ# νʔϜ$ νʔϜ% 1SPKFDUSUDCPPUDBNQTFDVSJUZC 1SPKFDUSUDCPPUDBNQTFDVSJUZD 1SPKFDUSUDCPPUDBNQTFDVSJUZE $MPVE4PVSDF

    3FQPTJUPSJFT $MPVE#VJME $POUBJOFS 3FHJTUSZ $PNQVUF &OHJOF σϓϩΠ ߨࢣ ࣗಈ Ϗϧυ ίϯςφ ֨ೲ HJUQVTI 5$1ʹ߈ܸ

  4. 1SPKFDUSUDCPPUDBNQTFDVSJUZB  νʔϜ" νʔϜ# νʔϜ$ νʔϜ% 1SPKFDUSUDCPPUDBNQTFDVSJUZC 1SPKFDUSUDCPPUDBNQTFDVSJUZD 1SPKFDUSUDCPPUDBNQTFDVSJUZE $MPVE4PVSDF

    3FQPTJUPSJFT $MPVE#VJME $POUBJOFS 3FHJTUSZ $PNQVUF &OHJOF σϓϩΠ 5$1ʹ߈ܸ ߨࢣ ࣗಈ Ϗϧυ ίϯςφ ֨ೲ HJUQVTI ʜࣗಈతʹΠϝʔδ͕Ϗϧυ ͞Εɺ($&Πϯελϯε΁ ίϯςφ͕σϓϩΠ͞ΕΔʂ HJUͰϦϙδτϦͷ NBTUFSϒϥϯν΁ ίϛοτΛQVTI͢Δͱʜ

  5.  σϓϩΠ·Ͱͷखॱ

  6.  - $ - - -- ͜Ε͸"νʔϜͷ৔߹ खॱ($1ϓϩδΣΫτͷ੾Γସ͑ • HDMPVEίϚϯυΛ࢖༻ͯ͠σϑΥϧτϓϩδΣΫτΛࣗνʔϜͷϓϩ

    δΣΫτʹมߋ͠·͢ • ϓϩδΣΫτ໊຤ඌͷΞϧϑΝϕοτΛࣗ෼ͷνʔϜͷ΋ͷʹมߋͯͩ͘͠ ͍͞ • ͜ͷखॱ͸࠷ॳʹ౓͚ͩߦ͑͹0,Ͱ͢

  7.  खॱ$MPVE4PVSDF3FQPTJUPSZ͔ΒιʔείʔυΛऔಘ 2 0 2 0 01 • $43্ͷϦϙδτϦҰཡΛ֬ೝ͠·͢ •

    CBETOT͕ຊԋश༻ϦϙδτϦ • ϦϙδτϦΛΫϩʔϯ͠·͢ • ιʔείʔυͷฤू • ͓޷ΈͷΤσΟλͰฤू͍ͯͩ͘͠͞ • (JUίϚϯυͰιʔείʔυΛ؅ཧͰ͖·͢ • $43͸(JU)VCͷ($1൛ͷΑ͏ͳ΋ͷͰ͢ɻࣗ༝ʹϒϥϯν੾ͬͨΓͯ͠0,Ͱ͢ 2 0 2 0 $ 0 0

  8.  खॱΞϓϦͷσϓϩΠ • (JUίϚϯυΛ࢖ͬͯ$43ͷNBTUFSϒϥϯν΁QVTI͢Ε͹ࣗಈతʹ($& Πϯελϯε΁ίϯςφ͕σϓϩΠ͞Ε·͢ • σϓϩΠʹ͔͔Δ࣌ؒ͸Ϗϧυ࣌ʹͲΕ͚ͩΩϟογϡΛޮ͔ͤΒΕΔ ͔ʹΑͬͯҟͳΓ·͢ • ໨҆

    • ιʔείʔυͷΈͷมߋʙ෼ఔ౓ • (FNGJMFͷมߋ෼ఔ౓ • BQUHFUपΓͷมߋ෼ఔ౓ • ϕʔεΠϝʔδͷมߋ෼ఔ౓ - $ -

  9.  खॱ($&ΠϯελϯεΛ֬ೝ • ($&ΠϯελϯεͷҰཡΛ֬ೝ͠·͢ • CBETOTWN͕ຊԋश༻Πϯελϯε • CBETOTWNͷ&95&3/"-@*1Λ63-ͱͯ͠ϒϥ΢βʹೖྗ͠ɺࣗνʔϜ ͷ#BE4/4΁ΞΫηε͢Ε͹σϓϩΠ͞ΕͨΞϓϦΛ֬ೝͰ͖·͢ •

    . • ϒϥ΢βͰ($1ίϯιʔϧ͔ΒΞΫηε͢Ε͹44)Ͱ௚઀தʹೖΔ͜ͱ ΋Ͱ͖·͢ • ./ $ / $ $ $ . / $ / $ $ . / $ / /

  10.  5JQT$POUBJOFS3FHJTUSZ͔Β%PDLFSΠϝʔδΛऔಘ - 1 9 9 . /-9 0 •

    %PDLFSʹ($1ೝূઃఆΛ௥Ճ͠·͢ • $3্ͷ%PDLFSΠϝʔδҰཡΛ֬ೝ͠·͢ • HDSJPSUDCPPUDBNQTFDVSJUZ CBETOT͕ຊԋशͷΠϝʔδ • %PDLFSΠϝʔδΛQVMM͠·͢ - 1 9 / /2 - 1/ 0 911 - / 2 9 / $

  11.  5JQTϩʔΧϧͰͷΠϝʔδϏϧυˍಈ࡞֬ೝ • ιʔείʔυΛมߋͨ͠ΒσϓϩΠ͢ΔલʹϩʔΧϧͰಈ࡞֬ೝΛߦ͏͜ͱ Λڧ͘ਪ঑͠·͢ʂ • ιʔείʔυมߋޙɺEPDLFSίϚϯυͰΠϝʔδΛϏϧυ͠ͳ͓͠ɺίϯς φΛ࡞Γ௚ͤ͹σϓϩΠ͞ΕΔίϯςφͱಉ͡ঢ়ଶͰಈ࡞͕֬ೝͰ͖·͢ • ίϯςφͷىಈ΍ऴྃͳͲ͸ݕࠪͷࡍͱಉ༷Ͱ͢ʢΠϝʔδ໊Ҏ֎ʣ

    $ 0- 9/1 8 . / 8 8 2 - 9 /8 $ 0- 9 /:/1-.- 2 $ 2- $ . / 8 8 2 - 9 /8 $

  12.  ԋशͷਐΊํ

  13. ԋशʹ͍ͭͯ • νʔϜԋश • νʔϜͰڠྗͯ͠੬ऑੑΛमਖ਼͠ɺΞϓϦέʔγϣϯΛ ($&ΠϯελϯεʹσϓϩΠ͍ͯͩ͘͠͞ • ߨࢣਞ͕ॱ࣍($&Πϯελϯεʹ߈ܸΛ࢓ֻ͚ɺमਖ਼ঢ় گΛνΣοΫ͍͖ͯ͠·͢ •

    ٳܜ͸֤νʔϜͰࣗ༝ͳ࣌ؒʹऔͬͯ΋Βͬͯ0,Ͱ͢ • ੬ऑੑɾରࡦͷղઆ • ܭݸͷ੬ऑੑʹ͍ͭͯɺ۩ମతͳ߈ܸํ๏ͱରࡦํ๏ ͷղઆΛߦ͍·͢ 3 1 0 3 1  

  14.  είΞγʔτʹ͍ͭͯ • ֤νʔϜͷਐ௙ঢ়گΛϦΞϧλΠϜ࠾఺͠ ·͢ • ֤੬ऑੑʹ͍ͭͯɺ໰୊ͳ͘मਖ਼͞Ε͍ͯ ͨΒ఺ɺमਖ਼͞Ε͍ͯΔ͕ෆ׬શͳ৔߹͸ ఺ɺ੬ऑͳ··ͷ৔߹͸఺ͱͯ͠Χ΢ϯ τ

    • ߨࢣਞ͸$43্ͷιʔείʔυͱ($&Πϯ ελϯεͷಈ࡞Λݩʹɺख࡞ۀͱ໨ࢹͰॱ ࣍࠾఺͍͖ͯ͠·͢ɻ൓ө·Ͱϥά͕͋Γ ·͕͓͢ڐ͍ͩ͘͠͞

  15.  मਖ਼࣌ͷ஫ҙ఺ • 8FCΞϓϦͷػೳ͕ݩͷ௨Γਖ਼ৗʹಈ࡞͢ΔΑ͏ʹ͍ͯͩ͘͠͞ • ਖ਼ৗʹಈ࡞͍ͯ͠ͳ͍ػೳ͸੬ऑੑ͕௚͍ͬͯͳ͍΋ͷͱΈͳ͠·͢ • %#ͷॳظσʔλ͸ফ͞ͳ͍Ͱ͍ͩ͘͞ • ࠾఺࣌ʹ͸ݩʑొ࿥͞Ε͍ͯΔϢʔβͱͯ͠ϩάΠϯ͠ɺݕࠪΛߦ͏ͨΊɺϩά

    ΠϯͰ͖ͳ͍৔߹ʹ͸είΞͷߋ৽͕ࢭ·Γ·͢ • %#ʹؔ͢ΔมߋΛߦ͏৔߹͸੔߹ੑ͕յΕͳ͍Α͏ʹ஫ҙ͍ͯͩ͘͠͞ • *%OJTIJNVOFB 18ͰϩάΠϯͰ͖ͳ͍৔߹͸Կ͔͕ؒҧ͍ͬͯ·͢

  16.  આ໌͸Ҏ্Ͱ͢ ԋशɺؤு͍ͬͯͩ͘͞ʂ