Introducing a Vulnerability Handling Tool That Uses Composer

I was given a lightning talk (LT) slot at PHP Conference Fukuoka 2016.

Blog:
https://xn--y8j148r.xn--q9jyb4c/2016/05/22/php-bach/

GitHub:
https://github.com/tisayama/composer-vuln-handler

tisayama

May 21, 2016

Transcript

  1. Vulnerability handling with Composer
    諌山 鉄平

  2. About me
    • 諌山 鉄平
    • Works at 株式会社コアラ; application development
    • Occasionally gathers security information
    • @tette
    • https://甘く.みんな

  3. Has this ever happened to you?
    • While you are developing a web app, a vulnerability is found in the framework and you do not notice
    • You think web app vulnerabilities are not a problem as long as you are careful with your own code

  4. Wouldn't a tool like this be nice?
    • It gets vulnerability information with as little effort as possible
    • It tells you when you install with Composer

  5. SensioLabs had already made one

  6. Problems
    • It relies on contributions on GitHub, so the coverage of the information is a problem
    • Example:
    CakePHP's vulnerabilities from the year … are not listed
    • Example:
    EC-CUBE and others have no entry at all
    → Some degree of automation is probably needed

  7. tisayama/composer-vuln-handler
    I made my own version

  8. Usage
    Install
    Run this command:
    composer require tisayama/composer-vuln-handler

  9. Usage
    Run
    It runs automatically with the following commands:
    composer install
    composer update
    composer dumpautoload

  10. composer.json
    A dangerous version of Symfony

  11. After composer dumpautoload
    Vulnerabilities

  12. Roughly how it works
    API (on GCE)
    Plugin
    Call
    Query the packages
    Display the vulnerabilities

  13. How the data is generated
    app (on GCE)
    NVD (US)
    Packagist (Composer repository)
    "Mostly" automated ※
    Processed by a program
    Vulnerabilities

  14. Future challenges and other notes
    • Few packages are supported for vulnerability output
    • Because there is no linking information (name-normalization data)
    • Contributions of information are welcome
    • Only publicly disclosed vulnerabilities are reported
    • Scanning tools should be used as well

  15. Future challenges and other notes
    • Data generation takes a terribly long time
    • Zero-day coverage cannot be expected

  16. Thank you very much!
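
The matching step behind slides 12 to 14, as an added example that is not code from composer-vuln-handler: packages read from a composer.lock are checked against advisory records through a name-normalization map. The lock contents, advisory IDs, version ranges and vendor:product keys are constructed placeholders, and the local arrays stand in for the API response.

```php
<?php
// Constructed sample: the "packages" section of a composer.lock file.
const LOCK_JSON = '{"packages":[
  {"name":"symfony/symfony","version":"v2.8.0"},
  {"name":"monolog/monolog","version":"1.19.0"}]}';
// Constructed advisory records keyed by an NVD-style vendor:product pair;
// the IDs and version ranges are placeholders, not real advisories.
const ADVISORIES = [
    'sensiolabs:symfony' => [['id' => 'EXAMPLE-0001', 'from' => '2.8.0', 'fixed' => '2.8.6']],
    'examplevendor:shop' => [['id' => 'EXAMPLE-0002', 'from' => '1.0.0', 'fixed' => '1.0.3']],
];
// Name-normalization data: advisory product key => Packagist package name.
const NAME_MAP = ['sensiolabs:symfony' => 'symfony/symfony'];

function checkLock(array $lock, array $advisories, array $nameMap): array
{
    $installed = [];
    foreach ($lock['packages'] ?? [] as $pkg) {
        // composer.lock versions may carry a leading "v" (e.g. v2.8.0).
        $installed[strtolower($pkg['name'])] = ltrim($pkg['version'], 'vV');
    }
    $report = ['vulnerable' => [], 'unmapped' => [], 'uncomparable' => []];
    foreach ($advisories as $product => $records) {
        $name = $nameMap[$product] ?? null;
        $version = $installed[$name ?? ''] ?? null;
        if ($name === null) {
            $report['unmapped'][] = $product; // no link to Packagist: a coverage gap
        } elseif ($version !== null && !preg_match('/^\d/', $version)) {
            // dev-master and similar sort below every release in
            // version_compare(), so report them instead of passing silently.
            $report['uncomparable'][] = "$name $version";
        } elseif ($version !== null) {
            foreach ($records as $r) {
                if (version_compare($version, $r['from'], '>=')
                    && version_compare($version, $r['fixed'], '<')) {
                    $report['vulnerable'][] = "$name $version: {$r['id']} (fixed in {$r['fixed']})";
                }
            }
        }
    }
    return $report;
}

$lock = json_decode(LOCK_JSON, true, 512, JSON_THROW_ON_ERROR);
print_r(checkLock($lock, ADVISORIES, NAME_MAP));
```

The `unmapped` list makes the linking gap from slide 14 visible: an advisory whose product name has no Packagist mapping is reported rather than silently skipped.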