Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
Search
Tomoyuki KOYAMA
May 05, 2018
Technology
0
180
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
学生LT#11, @DMM
Tomoyuki KOYAMA
May 05, 2018
Tweet
Share
More Decks by Tomoyuki KOYAMA
See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
tomoyk
0
81
Log message with JSON item count for root cause analysis in microservices
tomoyk
0
190
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
320
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
400
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
890
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
380
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
170
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
330
XSSの入力値を調べてみた / searching xss insertion value
tomoyk
3
1.5k
Other Decks in Technology
See All in Technology
United™️ Airlines®️ Customer®️ USA Contact Numbers: Complete 2025 Support Guide
flyunitedguide
0
730
AIの全社活用を推進するための安全なレールを敷いた話
shoheimitani
2
610
ソフトウェアテストのAI活用_ver1.25
fumisuke
1
520
Sansanのデータプロダクトマネジメントのアプローチ
sansantech
PRO
0
220
60以上のプロダクトを持つ組織における開発者体験向上への取り組み - チームAPIとBackstageで構築する組織の可視化基盤 - / sre next 2025 Efforts to Improve Developer Experience in an Organization with Over 60 Products
vtryo
2
630
microCMSではじめるAIライティング
himaratsu
0
110
事例で学ぶ!B2B SaaSにおけるSREの実践例/SRE for B2B SaaS: A Real-World Case Study
bitkey
1
280
QuickSight SPICE の効果的な運用戦略~S3 + Athena 構成での実践ノウハウ~/quicksight-spice-s3-athena-best-practices
emiki
0
240
[SRE NEXT] ARR150億円_エンジニア140名_27チーム_17プロダクトから始めるSLO.pdf
satos
3
1.7k
Delta airlines Customer®️ USA Contact Numbers: Complete 2025 Support Guide
deltahelp
0
1.1k
オフィスビルを監視しよう:フィジカル×デジタルにまたがるSLI/SLO設計と運用の難しさ / Monitoring Office Buildings: The Challenge of Physical-Digital SLI/SLO Design & Operation
bitkey
1
290
ポストコロナ時代の SaaS におけるコスト削減の意義
izzii
1
190
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
36
2.8k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
6
320
Building Flexible Design Systems
yeseniaperezcruz
328
39k
For a Future-Friendly Web
brad_frost
179
9.8k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
Adopting Sorbet at Scale
ufuk
77
9.5k
Intergalactic Javascript Robots from Outer Space
tanoku
271
27k
Side Projects
sachag
455
42k
Docker and Python
trallard
44
3.5k
Raft: Consensus for Rubyists
vanstee
140
7k
Fireside Chat
paigeccino
37
3.5k
Transcript
طଘͷ8FCΞϓϦΛ ηΩϡΞʹ͢ΔͨΊʹ ͬͨ͜ͱ 5PNPZVLJ,0:"." ֶੜ-5
ࣗݾհ w /BNFίϠϚτϞϢΩ w (SBEFཧܥେֶ# w 5XJUUFS!UNZL@LZN w #MPHIUUQTCMPHLPZBNBNF w
5BHT/FUXPSL8FC4FSWFS4FDVSJUZ
ҳൠͷޡՈఉ ϠϑΦΫͰதݹͷωοτϫʔΫػثΛߪೖ
ۙگ w ٕज़ॻయʹߦͬͨ w ొηΩεϖΛड͚ͨ w IBDLʹམͪͨ w ֶੜ-5ʹؒʹ߹ͬͨɹˡ/&8
8FCηΩϡϦςΟ ͷجૅ
944 w ΫϩεɾαΠτɾεΫϦϓςΟϯά w )5.-ʹεΫϦϓτ͕ૠೖ͞ΕΔ͜ͱͰɺ ҙͷॲཧ͕࣮ߦ͞ΕΔ w $8&*NQSPQFS/FVUSBMJ[BUJPOPG*OQVU %VSJOH8FC1BHF(FOFSBUJPO $SPTTTJUF
4DSJQUJOH
944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF
IIFMMPI ม@(&5<bNPEF`>ʹIFMMP͕ઃఆ͞Ε͍ͯΔͱʜ 4BGF
944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF
ITDSJQUBMFSU TDSJQUI ม@(&5<bNPEF`>ʹTDSJQUBMFSU TDSJQU͕ ઃఆ͞Ε͍ͯΔͱʜ VO4BGF
'SBNF8PSLʹཔΔͱʜ w 'SBNF8PSL͕ࣗಈͰΤεέʔϓͯ͘͠ΕΔ w ηΩϡϦςΟΛҙࣝͤͣʹ։ൃՄ w 3VCZPO3BJMT 'MBTL $BLF1)1 FUDʜ
طଘͷ8FCΞϓϦΛ ηΩϡΞʹ͢ΔͨΊʹ ͬͨ͜ͱ
ܦҢ w ͱ͋Δ8FCΞϓϦ ൿͷιʔε Λಈ͔͢ґཔΛ ड͚Δ w ѻ͏σʔλݸਓใ w ηΩϡϦςΟΛݟͯ͠Έͨ
ͬͨ͜ͱ
44-Խ w )551ˠ)5514 w 44-ূ໌ॻΛ-FU`T&ODSZQUͰऔಘ w ैདྷݸਓใΛฏจͰΓऔΓ
͓͠·͍
ͬͨ͜ͱ w ॳڃ w 44-Խ w தڃ w ্ڃ
ͬͨ͜ͱதڃ w $PPLJFIUUQPOMZଐੑ TFDVSFଐੑΛ༩ w ϨεϙϯεϔομҎԼΛ༩ w 99441SPUFDUJPONPEFCMPDL w 9'SBNF0QUJPOT4".&03*(*/
w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎
$PPLJFIUUQPOMZଐੑ TFDVSFଐੑΛ༩
99441SPUFDUJPO NPEFCMPDL w 8FCϒϥβͷ944ϑΟϧλʔΛڧ੍0/ w 944Λݕ͢ΔͱϒϩοΫ͢Δ IUUQFYBNQMFDPNTFBSDI TDSJQUBMFSU TDSJQU
9'SBNF0QUJPOT 9$POUFOU5ZQF0QUJPOT w 9'SBNF0QUJPOT4".&03*(*/ w ΫϦοΫɾδϟοΩϯάରࡦ JGSBNFͰͷผαΠτ͔ΒຒΊࠐΈΛېࢭ w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎
w FͷΞΠίϯͳϒϥβͰͷ944Λࢭ
ͬͨ͜ͱ্ڃ w ηογϣϯɾλΠϜΞτ w ϨεϙϯεϔομҎԼΛ༩ w $BDIF$POUSPMQSJWBUF OPTUPSF w 4USJDU5SBOTQPSU4FDVSJUZNBY
BHFJODMVEF4VCEPNBJOT
ηογϣϯɾλΠϜΞτ $PPLJFͷ&YQJSFଐੑͰ༗ޮظݶΛઃఆ
$BDIF$POUSPM QSJWBUF OPTUPSF w ϚΠϖʔδ ݸਓใ ͳͲΛ1SPYZ$%/ͰΩϟο γϡͰอ࣋͠ͳ͍ w ࢀߟʮϝϧΧϦɹݸਓใྲྀग़ʯ
4USJDU5SBOTQPSU4FDVSJUZNBY BHFJODMVEF4VCEPNBJOT w )454 )5514USJDU5SBOTQPSU4FDVSJUZ w IUUQˠIUUQTஔ͖͑ͯϦΫΤετΛૹ৴ w <T><EBZ>
·ͱΊ w 8FCΞϓϦΛެ։͢Δͱ͖44-Խ͠Α͏ w $PPLJFϨεϙϯεɾϔομʹҙ͠Α͏ w ແঈεΩϟφͷ08"41;"1Φεεϝ
݁Ռ
Γ͕͍(&5 ใु;&30
ࡉ͔͍͜ͱ࠙ձͰ ั·͑ͯฉ͍ͯω 5IBOLT