Upgrade to Pro — share decks privately, control downloads, hide ads and more …

既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec

49116ff34041caf0476b170ab193ebc5?s=47 Tomoyuki KOYAMA
May 05, 2018
Technology
0
93

既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec

学生LT#11, @DMM

49116ff34041caf0476b170ab193ebc5?s=128

Tomoyuki KOYAMA

May 05, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
Distributed Log Search Based on Time Series Access and Service Relations
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
13
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
170
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
2
280
この先生きのこるための学び方 / how-to-learn-tech
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
1
220
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
1
88
パケットを覗いてみよう / Packet workshop for beginners
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
200
XSSの入力値を調べてみた / searching xss insertion value
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
3
1.1k
ブレース展開のススメ
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
290
スマートフォンにおける気象データの可視化 / Visualization of the weather data for the smartphone
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
27

Other Decks in Technology

See All in Technology
0->1 フェーズで E2E 自動テストを導入した私たちの、これまでとこれから
Cf37e498a7fc8d3c589c91f56fb98e1c?s=48 yoyakoba
0
350
SRENEXT2022 組織にSREを実装していくまでの道のり
9cd2d753636f4849c881ccf2381228ee?s=48 marnie0301
1
380
ITエンジニアを取り巻く環境とキャリアパス / A career path for Japanese IT engineers
D2322aa2c45d0190205b3ed8bfdd6717?s=48 takatama
0
590
Graph API について
C0c0e8e4d7f83912cb1b1a0699df82a5?s=48 miyakemito
0
250
信頼性の階層の一段目を積み上げる/Monitoring Dashboard
0b238801605070def81a98cfe8061aee?s=48 shonansurvivors
0
170
220521_SFN_品質文化試論と『LEADING QUALITY』/220521_SFN_Essay_of_Quality_Culture_and_LEADING_QUALITY
C8cde92274f0ca1ff9b046673d4f2d29?s=48 mkwrd
0
190
數據的多重宇宙 @ LINE Taiwan
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
PRO
0
660
LINEスタンプの実例紹介 小さく始める障害検知・対応・振り返りの 改善プラクティス
A3966f193f4bef226a0d3e3c1f728d7f?s=48 line_developers
PRO
3
1.5k
アルプの 認証/認可分離戦略と手法
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
1
300
AWS Control TowerとAWS Organizationsを活用した組織におけるセキュリティ設定
F2ccc400e285972d80feab0e4e57b5f7?s=48 fu3ak1
2
640
Building smarter apps with machine learning, from magic to reality
7e6a435700dda6cdb22105d601f20892?s=48 picardparis
4
3.1k
⚡Lightdashを試してみた
2c6a9bc003b77685330cc9359b6fbbc4?s=48 k_data_analyst
0
210

Featured

See All Featured
Become a Pro
828ace851b606e1206900f26459f55ad?s=48 speakerdeck
PRO
3
780
Put a Button on it: Removing Barriers to Going Fast.
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
56
2.3k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
19
1.4k
How GitHub Uses GitHub to Build GitHub
78b475797a14c84799063c7cd073962f?s=48 holman
465
280k
What the flash - Photography Introduction
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
61
10k
Build The Right Thing And Hit Your Dates
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
19
1.1k
Thoughts on Productivity
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
43
2.2k
Building a Scalable Design System with Sketch
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
447
30k
How To Stay Up To Date on Web Technology
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
780
250k
A better future with KSS
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
225
15k
Atom: Resistance is Futile
7fa6101cd43067653cf4ac6c7ca54305?s=48 akmur
255
20k
YesSQL, Process and Tooling at Scale
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
157
12k

Transcript

  1. طଘͷ8FCΞϓϦΛ
 ηΩϡΞʹ͢ΔͨΊʹ
 ΍ͬͨ͜ͱ  5PNPZVLJ,0:"." ֶੜ-5

  2. ࣗݾ঺հ w /BNFίϠϚτϞϢΩ w (SBEFཧ޻ܥେֶ# w 5XJUUFS!UNZL@LZN w #MPHIUUQTCMPHLPZBNBNF w

    5BHT/FUXPSL8FC4FSWFS4FDVSJUZ

  3. ҳൠͷޡՈఉ ϠϑΦΫͰதݹͷωοτϫʔΫػثΛߪೖ

  4. ۙگ w ٕज़ॻయʹߦͬͨ w ొ࿥ηΩεϖΛड͚ͨ w ๭IBDLʹམͪͨ w ֶੜ-5ʹؒʹ߹ͬͨɹˡ/&8

  5. 8FCηΩϡϦςΟ
 ͷجૅ

  6. 944 w ΫϩεɾαΠτɾεΫϦϓςΟϯά w )5.-಺ʹεΫϦϓτ͕ૠೖ͞ΕΔ͜ͱͰɺ೚ ҙͷॲཧ͕࣮ߦ͞ΕΔ w $8&*NQSPQFS/FVUSBMJ[BUJPOPG*OQVU %VSJOH8FC1BHF(FOFSBUJPO $SPTTTJUF

    4DSJQUJOH   

  7. 944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF

    IIFMMPI ม਺@(&5<bNPEF`>ʹIFMMP͕ઃఆ͞Ε͍ͯΔͱʜ 4BGF

  8. 944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF

    ITDSJQUBMFSU TDSJQUI ม਺@(&5<bNPEF`>ʹTDSJQUBMFSU TDSJQU͕
 ઃఆ͞Ε͍ͯΔͱʜ VO4BGF

  9. 'SBNF8PSLʹཔΔͱʜ w 'SBNF8PSL͕ࣗಈͰΤεέʔϓͯ͘͠ΕΔ w ηΩϡϦςΟΛҙࣝͤͣʹ։ൃՄ w 3VCZPO3BJMT 'MBTL $BLF1)1 FUDʜ

  10. طଘͷ8FCΞϓϦΛ
 ηΩϡΞʹ͢ΔͨΊʹ
 ΍ͬͨ͜ͱ

  11. ܦҢ w ͱ͋Δ8FCΞϓϦ ൿ఻ͷιʔε Λಈ͔͢ґཔΛ ड͚Δ w ѻ͏σʔλ͸ݸਓ৘ใ w ηΩϡϦςΟΛݟ௚ͯ͠Έͨ

  12. ΍ͬͨ͜ͱ

  13. 44-Խ w )551ˠ)5514 w 44-ূ໌ॻΛ-FU`T&ODSZQUͰऔಘ w ैདྷ͸ݸਓ৘ใΛฏจͰ΍ΓऔΓ

  14. ͓͠·͍

  15. ΍ͬͨ͜ͱ w ॳڃ w 44-Խ w தڃ w ্ڃ

  16. ΍ͬͨ͜ͱதڃ w $PPLJF΁IUUQPOMZଐੑ TFDVSFଐੑΛ෇༩ w Ϩεϙϯεϔομ΁ҎԼΛ෇༩ w 99441SPUFDUJPONPEFCMPDL w 9'SBNF0QUJPOT4".&03*(*/

    w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎

  17. $PPLJF΁IUUQPOMZଐੑ  TFDVSFଐੑΛ෇༩

  18. 99441SPUFDUJPO NPEFCMPDL w 8FCϒϥ΢βͷ944ϑΟϧλʔΛڧ੍0/ w 944Λݕ஌͢ΔͱϒϩοΫ͢Δ IUUQFYBNQMFDPNTFBSDI TDSJQUBMFSU TDSJQU

  19. 9'SBNF0QUJPOT
 9$POUFOU5ZQF0QUJPOT w 9'SBNF0QUJPOT4".&03*(*/ w ΫϦοΫɾδϟοΩϯάରࡦ
 JGSBNFͰͷผαΠτ͔ΒຒΊࠐΈΛېࢭ  w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎

    w FͷΞΠίϯͳϒϥ΢βͰͷ944Λ๷ࢭ

  20. ΍ͬͨ͜ͱ্ڃ w ηογϣϯɾλΠϜΞ΢τ w Ϩεϙϯεϔομ΁ҎԼΛ෇༩ w $BDIF$POUSPMQSJWBUF OPTUPSF w 4USJDU5SBOTQPSU4FDVSJUZNBY

    BHFJODMVEF4VCEPNBJOT

  21. ηογϣϯɾλΠϜΞ΢τ $PPLJFͷ&YQJSFଐੑͰ༗ޮظݶΛઃఆ

  22. $BDIF$POUSPM
 QSJWBUF OPTUPSF w ϚΠϖʔδ ݸਓ৘ใ ͳͲΛ1SPYZ$%/ͰΩϟο γϡͰอ࣋͠ͳ͍ w ࢀߟʮϝϧΧϦɹݸਓ৘ใྲྀग़ʯ

  23. 4USJDU5SBOTQPSU4FDVSJUZNBY BHFJODMVEF4VCEPNBJOT w )454 )5514USJDU5SBOTQPSU4FDVSJUZ  w IUUQˠIUUQT΁ஔ͖׵͑ͯϦΫΤετΛૹ৴ w <T><EBZ>

  24. ·ͱΊ w 8FCΞϓϦΛެ։͢Δͱ͖͸44-Խ͠Α͏ w $PPLJF΍Ϩεϙϯεɾϔομʹ஫ҙ͠Α͏ w ແঈεΩϟφͷ08"41;"1͸Φεεϝ

  25. ݁Ռ

  26. ΍Γ͕͍(&5 ใु;&30

  27. ࡉ͔͍͜ͱ͸࠙਌ձͰ ั·͑ͯฉ͍ͯω 5IBOLT