Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Goなどで作る脆弱性対策ゲーム / go-bigbridge
Search
KONDO Uchio
June 14, 2018
Technology
1
890
Goなどで作る脆弱性対策ゲーム / go-bigbridge
@Fukuoka.go #11
https://fukuokago.connpass.com/event/87684/
KONDO Uchio
June 14, 2018
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.4k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
250
Narrative of Ruby & Rust
udzura
0
220
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.7k
Talk of RBS
udzura
0
450
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
780
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
730
Device access filtering in cgroup v2
udzura
1
910
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
830
Other Decks in Technology
See All in Technology
React開発にStorybookとCopilotを導入して、爆速でUIを編集・確認する方法
yu_kod
1
270
KubeCon + CloudNativeCon Japan 2025 Recap by CA
ponkio_o
PRO
0
300
Lufthansa ®️ USA Contact Numbers: Complete 2025 Support Guide
lufthanahelpsupport
0
190
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
masahirokawahara
0
470
SaaS型なのに自由度の高い本格CMSでサイト構築と運用のコスパ&タイパUP! MovableType.net の便利機能とユーザー事例のご紹介
masakah
0
110
スタートアップに選択肢を 〜生成AIを活用したセカンダリー事業への挑戦〜
nstock
0
170
20250705 Headlamp: 專注可擴展性的 Kubernetes 用戶界面
pichuang
0
270
Tokyo_reInforce_2025_recap_iam_access_analyzer
hiashisan
0
180
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
47
19k
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
fujiwara3
3
440
AWS Organizations 新機能!マルチパーティ承認の紹介
yhana
1
280
Lazy application authentication with Tailscale
bluehatbrit
0
210
Featured
See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
Raft: Consensus for Rubyists
vanstee
140
7k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
281
13k
RailsConf 2023
tenderlove
30
1.1k
Git: the NoSQL Database
bkeepers
PRO
430
65k
Building Adaptive Systems
keathley
43
2.7k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
54k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
50
5.5k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.5k
Visualization
eitanlees
146
16k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Transcript
6DIJP,POEP 'VLVPLBHP (PͳͲͰ࡞Δ੬ऑੑରࡦήʔϜ
(.0ϖύϘγχΞϓϦϯγύϧ ۙ౻͏͓ͪ!VE[VSB 044ϓϩμΫτ w NSVCZͷίϯςφϥϯλΠϜ)BDPOJXB w 3VCZͷ ZFU"OPUIFS 0QFO4UBDLDMJFOU:BP 3VCZ΄Ͳɺ(P͙Β͍ʁ
͖ͳϥΠϒϥϦIBTIJDPSQIDM ར༻ϒΩϓϥΠϜγϡʔλʔίϥϘ ηΩϡϦςΟษڧ࢝͠Ί͔ͨΓͰ͢
"MTPB3VCZJTU
13
'VLVPLBSC ! ԙϖύες
8FCΞϓϦέʔγϣϯͷ ੬ऑੑ
944
$43'
42- *OKFDUJPO
߈ܸ͞Εͨ͜ͱ ͋Γ·͔͢ʁ
߈ܸΛΓ͍ͨ ޚ͍ͨ͠
࿅शʢʁʣ͠Α͏
DG%78" w%BNO7VMOFSBCMF8FC"QQMJDBUJPO w͋͑ͯ੬ऑͳ࡞Γʹͨ͠ΣϒΞϓϦέʔγϣϯ w༷ʑͳ߈ܸΛ࣮ࡍʹߦ͏͜ͱͰɺ߈ܸଆͷؾ࣋ͪʹͳΓ ͦΕ͕։ൃʹ͓͍ͯʹཱͭ wΞϓϦέʔγϣϯͷ੬ऑ߹͍ΛઃఆͰ͖ͯศརʢʁʣ IUUQXXXEWXBDPVL
߈ܸΛͯ͠ΈΔͱ
None
͜ΕΛࣗಈԽ͢Δͱ
ޚଆͷ ࿅शʹ͑ΔͷͰʁ
CJHCSJEHFϓϩδΣΫτʢԾʣ wೋͭͷίϯςφΛ࡞Δ߈ܸଆɺޚଆ w߈ܸଆόΠφϦͰϒϥοΫϘοΫεͷϓϩάϥϜ wޚଆ"QBDIF NPE@QIQͳ੬ऑͳΞϓϦέʔγϣϯ TTIͰௐࠪՄೳͳΑ͏ɺγεςϜίϯςφʹͳ͍ͬͯΔ
CJHCSJEHF IUUQTDTLZVTIVVBDKQFOQJUQSP
ߏ Binary Apache MySQL App (PHP) SSHD Attacker Defender
ޚଆ͔ΒৄࡉΛɻ wTPWFSMBZͱ͍͏ɺ%PDLFSίϯςφʹಛԽͨ͠γϯϓϧͳJOJUͷ ΈΛͬͯγεςϜίϯςφΛ࡞Δɻ wTTIE ϩάͷͨΊSTZTMPH ɺBQBDIFɺ.Z42-Λࣂ͍ͬͯΔ wPDUPQBTTͰTTIϩάΠϯपΓΛ؆୯ʹ IUUQTHJUIVCDPNKVTUDPOUBJOFSTTPWFSMBZ
߈ܸଆɻ wṖͷόΠφϦ͕͋Δ wઃఆʹɺ߈ܸઌͷΞυϨεͳͲͷใ͔ͤ͠ͳ͘ɺͲ͏͍͏߈ܸ Λ͍ͯ͠Δ͔Θ͔Βͳ͍ wىಈ͢Δͱɺରͷ߈ܸͷޭࣦഊ͚͕ͩΘ͔Δ wˠޚଆͷϩάͳͲΛ֬ೝ͠ɺΞϓϦΛվमͯ͠
߈ܸϕϯνϚʔΫͷྲྀΕ w߈ܸଆͰόΠφϦىಈˠޚଆͰϩάͳͲΛ֬ೝ wˠޚଆͷઃఆΛมߋͨ͠ΓɺΞϓϦΛվम wˠ࠶߈ܸΛ͠ɺࣦഊͨ͠ΒӴޭʂʂʂ̍
ṖͷόΠφϦ
ͦ͜ͰɺΛ͏
࣮ͷྫ
ʹཱͭͷ wIFBE[PPTVSG wঢ়ଶΛอͭ͜ͱ͕Ͱ͖ΔΣϒεΫϨΠύʔϥΠϒϥϦ IUUQTHJUIVCDPNIFBE[PPTVSG
EFNP wʢतۀͰ͏ͱ͍͏͜ͱͰɺৄࡉ·ͩφΠγϣʣ
ࠓޙΓ͍ͨ͜ͱ w߈ܸͷόϦΤʔγϣϯΛ૿͢ w؆୯ͳରࡦͰ͋ͬͨΒ߈ܸଆͰݟൈ͔Εͯ͢Γൈ͚Δͭͱ͔ w߈ܸόΠφϦΛͬͱಡԽ͢Δ wޚଆɺ1)1Ҏ֎ͷݴޠϑϨʔϜϫʔΫΛ૿͢
จࣈྻΛӅ͍ͨ͠ w(PݴޠͷόΠφϦͰɺͪΖΜTUSJOHT ͳͲͰ߈ܸख๏ʹؔ ͢Δจࣈྻݟ͑ͯ͠·͏ɻ wจࣈσʔλΛ·ͱΊͯ֎෦͔Βఏڙͭͭɺ҉߸Խ͞ΕͨܗͰόΠφϦ ؚΉΑ͏ͳπʔϧΛ࡞ΕΔͱྑͦ͞͏ʁ wʢͪΖΜɺҰൠతͳͰόΠφϦͷจࣈྻΛ҉߸Խͯ͠ ɹͦΜͳʹηΩϡϦςΟରࡦʹͳΒͳ͍ɻΫΠζͷқతͳͰʣ
None
PT&YJU