Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Goなどで作る脆弱性対策ゲーム / go-bigbridge
Search
KONDO Uchio
June 14, 2018
Technology
1
820
Goなどで作る脆弱性対策ゲーム / go-bigbridge
@Fukuoka.go #11
https://fukuokago.connpass.com/event/87684/
KONDO Uchio
June 14, 2018
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.2k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
160
Narrative of Ruby & Rust
udzura
0
150
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.5k
Talk of RBS
udzura
0
350
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
670
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
620
Device access filtering in cgroup v2
udzura
1
710
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
630
Other Decks in Technology
See All in Technology
[NIKKEI Tech Talk] KDDI/KAG Scrum & Community for Engineering Training
curanosuke
2
220
AIアシスタントの活用で品質の向上と開発ワークフローのスピードアップ
nagix
1
210
初中級者用如何使用backlog -VALE TUDOEDITION-
in0u
0
140
E2Eテスト自動化プラットフォームにおけるAIの活用
shift_evolve
0
190
AWSでRAGを作る法方
sonoda_mj
1
140
Classmethod Odyssey 登壇資料
yamahiro
0
390
Github Actions 로 Android 팀의 효율성 극대화
hadonghyun
0
160
ペパボのオブザーバビリティ研修2024 説明資料
kesompochy
0
1.1k
Amazon FSx for NetApp ONTAPのパフォーマンスチューニング要素をまとめてみた #cm_odyssey #devio2024
non97
0
220
【基調講演】変える、今ここから ― IoTとAIで紡ぐ未来
soracom
PRO
0
320
AWS IAMのアンチパターン/AWSが考える最低権限実現へのアプローチ概略(JAWS-UG朝会#59資料改修20分版)
htan
0
330
DevIO2024_レガシー運用からの脱却 -クラウド活用の実践事例とベストプラクティス-
jun2882
0
210
Featured
See All Featured
Statistics for Hackers
jakevdp
792
220k
From Idea to $5000 a Month in 5 Months
shpigford
377
46k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
12
3.8k
Designing with Data
zakiwarfel
96
5k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
325
21k
Scaling GitHub
holman
458
140k
Navigating Team Friction
lara
181
13k
WebSockets: Embracing the real-time Web
robhawkes
59
7.2k
Visualization
eitanlees
139
14k
Designing Experiences People Love
moore
136
23k
Writing Fast Ruby
sferik
623
60k
Atom: Resistance is Futile
akmur
261
25k
Transcript
6DIJP,POEP 'VLVPLBHP (PͳͲͰ࡞Δ੬ऑੑରࡦήʔϜ
(.0ϖύϘγχΞϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB 044ϓϩμΫτ w NSVCZͷίϯςφϥϯλΠϜ)BDPOJXB w 3VCZͷ ZFU"OPUIFS 0QFO4UBDLDMJFOU:BP 3VCZ΄Ͳɺ(P͙Β͍ʁ
͖ͳϥΠϒϥϦIBTIJDPSQIDM ར༻ϒΩϓϥΠϜγϡʔλʔίϥϘ ηΩϡϦςΟษڧ࢝͠Ί͔ͨΓͰ͢
"MTPB3VCZJTU
13
'VLVPLBSC ! ԙϖύες
8FCΞϓϦέʔγϣϯͷ ੬ऑੑ
944
$43'
42- *OKFDUJPO
߈ܸ͞Εͨ͜ͱ ͋Γ·͔͢ʁ
߈ܸΛΓ͍ͨ ޚ͍ͨ͠
࿅शʢʁʣ͠Α͏
DG%78" w%BNO7VMOFSBCMF8FC"QQMJDBUJPO w͋͑ͯ੬ऑͳ࡞Γʹͨ͠ΣϒΞϓϦέʔγϣϯ w༷ʑͳ߈ܸΛ࣮ࡍʹߦ͏͜ͱͰɺ߈ܸଆͷؾ࣋ͪʹͳΓ ͦΕ͕։ൃʹ͓͍ͯʹཱͭ wΞϓϦέʔγϣϯͷ੬ऑ߹͍ΛઃఆͰ͖ͯศརʢʁʣ IUUQXXXEWXBDPVL
߈ܸΛͯ͠ΈΔͱ
None
͜ΕΛࣗಈԽ͢Δͱ
ޚଆͷ ࿅शʹ͑ΔͷͰʁ
CJHCSJEHFϓϩδΣΫτʢԾʣ wೋͭͷίϯςφΛ࡞Δ߈ܸଆɺޚଆ w߈ܸଆόΠφϦͰϒϥοΫϘοΫεͷϓϩάϥϜ wޚଆ"QBDIF NPE@QIQͳ੬ऑͳΞϓϦέʔγϣϯ TTIͰௐࠪՄೳͳΑ͏ɺγεςϜίϯςφʹͳ͍ͬͯΔ
CJHCSJEHF IUUQTDTLZVTIVVBDKQFOQJUQSP
ߏ Binary Apache MySQL App (PHP) SSHD Attacker Defender
ޚଆ͔ΒৄࡉΛɻ wTPWFSMBZͱ͍͏ɺ%PDLFSίϯςφʹಛԽͨ͠γϯϓϧͳJOJUͷ ΈΛͬͯγεςϜίϯςφΛ࡞Δɻ wTTIE ϩάͷͨΊSTZTMPH ɺBQBDIFɺ.Z42-Λࣂ͍ͬͯΔ wPDUPQBTTͰTTIϩάΠϯपΓΛ؆୯ʹ IUUQTHJUIVCDPNKVTUDPOUBJOFSTTPWFSMBZ
߈ܸଆɻ wṖͷόΠφϦ͕͋Δ wઃఆʹɺ߈ܸઌͷΞυϨεͳͲͷใ͔ͤ͠ͳ͘ɺͲ͏͍͏߈ܸ Λ͍ͯ͠Δ͔Θ͔Βͳ͍ wىಈ͢Δͱɺରͷ߈ܸͷޭࣦഊ͚͕ͩΘ͔Δ wˠޚଆͷϩάͳͲΛ֬ೝ͠ɺΞϓϦΛվमͯ͠
߈ܸϕϯνϚʔΫͷྲྀΕ w߈ܸଆͰόΠφϦىಈˠޚଆͰϩάͳͲΛ֬ೝ wˠޚଆͷઃఆΛมߋͨ͠ΓɺΞϓϦΛվम wˠ࠶߈ܸΛ͠ɺࣦഊͨ͠ΒӴޭʂʂʂ̍
ṖͷόΠφϦ
ͦ͜ͰɺΛ͏
࣮ͷྫ
ʹཱͭͷ wIFBE[PPTVSG wঢ়ଶΛอͭ͜ͱ͕Ͱ͖ΔΣϒεΫϨΠύʔϥΠϒϥϦ IUUQTHJUIVCDPNIFBE[PPTVSG
EFNP wʢतۀͰ͏ͱ͍͏͜ͱͰɺৄࡉ·ͩφΠγϣʣ
ࠓޙΓ͍ͨ͜ͱ w߈ܸͷόϦΤʔγϣϯΛ૿͢ w؆୯ͳରࡦͰ͋ͬͨΒ߈ܸଆͰݟൈ͔Εͯ͢Γൈ͚Δͭͱ͔ w߈ܸόΠφϦΛͬͱಡԽ͢Δ wޚଆɺ1)1Ҏ֎ͷݴޠϑϨʔϜϫʔΫΛ૿͢
จࣈྻΛӅ͍ͨ͠ w(PݴޠͷόΠφϦͰɺͪΖΜTUSJOHT ͳͲͰ߈ܸख๏ʹؔ ͢Δจࣈྻݟ͑ͯ͠·͏ɻ wจࣈσʔλΛ·ͱΊͯ֎෦͔Βఏڙͭͭɺ҉߸Խ͞ΕͨܗͰόΠφϦ ؚΉΑ͏ͳπʔϧΛ࡞ΕΔͱྑͦ͞͏ʁ wʢͪΖΜɺҰൠతͳͰόΠφϦͷจࣈྻΛ҉߸Խͯ͠ ɹͦΜͳʹηΩϡϦςΟରࡦʹͳΒͳ͍ɻΫΠζͷқతͳͰʣ
None
PT&YJU