Upgrade to Pro — share decks privately, control downloads, hide ads and more …

NPO 要知道的資訊安全

Allen Own
June 29, 2015
1
240

NPO 要知道的資訊安全

20150629 NetTuesday

Allen Own

June 29, 2015
Tweet

More Decks by Allen Own

See All by Allen Own
20140714 SITCON Camp 揭開駭客的神祕面紗
allenown
2
580
PHPConf 2013 - 矛盾大對決
allenown
32
24k
PHPConf 2013 - 我的密碼沒加密,你的呢?
allenown
6
790
BoT2013 海量資料時代的網路分析
allenown
4
550
The Internet is (NOT) safe - WebConf Taiwan 2013
allenown
58
11k

Featured

See All Featured
Adopting Sorbet at Scale
ufuk
73
9k
What's in a price? How to price your products and services
michaelherold
243
12k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
231
17k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.2k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
328
21k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
22k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
41
2.1k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k

Transcript

  1. /10⯁Ά⿬ỉⶳⰖయ֞ Ⓕᡳᜇ Allen Own [email protected] Ⴍચ౗ᯍ═ϫᐊ㏗֡ܦ

  2. ⳝ⓱≼ύ ␃ុᙏ "MMFO0XO  ࿵ৢடᬕ%&7$03&घ⨭㉅ BMMFOPXO!EFWDPSF ٪᧫㓲ஆൖፎ)*5$0/ᐥ฾࿜ܓ ொ㉅㡩㓲ஆሟᇌစ᝖ՁᎵơᣑ⼈ᡄ⮜

  3. Hacks In Taiwan Conference Community 2015/8/28 ~ 29 தԝݚڀӃ

  4. None
  5. None

  6. http://www.flickr.com/photos/42514833@N07/5246970893/ Cyberwar

  7. http://en.wikipedia.org/wiki/Liebig's_law_of_the_minimum

  8. ⶳయΦϨ⥝ᴑ Φأ㔑㏄ ΦϨể᷒ᎇ Φ໏Ⲑᒩ ᣑ⼆ᡄ⮚ ሲ⒣⭥⌕ ྭⱻ⭝ᵍ ⳻୷⼎ृ ˰̲ᣬ⌕ ⋸๾ྭⱻ

    ˰̲⢥᱙ ቆͥ㈠ⱙ สغずය

  9. Πⵠ㦖

  10. ☱ٳڠධ֧ᷔ᷒৺ݥ 10

  11. ٜⷍỉᦉ⾾᣼ⱒ Ø ٤Βᴟ╹ֽת೸ӲრᄚԺृگ Ø ृگ⯉ՓᰃṞᵑ㕸 Ø Җᐩ㋳θơͧҖ٩ါჽơʬᘟ⼟⨭য়ぞ*1 Ø ឧ೸ⱶᴚ㡢Ӭ̛㡮㡣՚ஆ࿶⻇Ӭஈ⼟⨭ፖׁ

  12. ฎฯᦡᡂ⍮Ⱅ 29.9% 6.4% 9.6% 13.1% 15.1% 25.9% Cross-Site Scripting SQL

    Injection Business Logic Flaw Cross-Site Request Forgery Information Leakage Others

  13. ⯁Ά⿬዗ኄ⓱ỉ༰⎖ɗ⯫㣟ɗႽ᠎ Ⴞ▏໭ฤӛ૊㏄⃥

  14. 㘓ా૏Уểᆩᦡᡂ㦖

  15. 㘓ా૏Уểᆩᦡᡂ㦖 Ø %BZ Ø ㆢஂሟᇌṕᕵἤ₳ơᣑ⼈㡦 ဪԺ㌬ዏ೽ො㞾 Ø %BZ Ø ἤ₳≕⊶ፄቭ⁰෇㡦்ဪϙ

    ⪒ḑ⾠Ձٓჿො㞾

  16. %BZ"UUBDL ㊝ ఺ Ἅ ᘭ ể ᆩ ᦡ ᡂ ቴ

    ౲ ዗ ኄ ℨ ๿ ગ ⯋ ᘳ ᆘ ᇒ И ⑻ ໏ ㍫

  17. %BZ"UUBDL ㊝ ఺ Ἅ ᘭ ዓ ؐ ᏼ ጥ ℨ

    ๿ ׷ ᑭ ᝒ ಇ ᏼ ጥ ቴ ౲ ዗ ኄ ℨ ๿ ગ ⯋ ᘳ ᆘ ᇒ И ⑻ ໏ ㍫

  18. ῜Ⅻ๞ࠎㄐװҎ⭈ℨ๿ Ø ℻ฐඦݘずԺፄቭ⁰෇ Ø ἤ₳ፄቭ⁰෇ϙ⪒ḑ⾠̶ Ø ߲⮜⼈⼱ϙ⪒⁰෇ဪԺխᬝᣩដ Ø ᆼ஺░ᬝᣩដሟᇌ⁰෇ Ø

    ሟᇌௗ፫ፄቭḑ░ᬝΒᴟ␹
  19. None
  20. None
  21. None

  22. Big Data ગ⯋ᘳ֞⎛⹜ᆘᇒ

  23. ᴊόỉⶳయጥ㕚㐖 Ø #JH%BUBዏ̧㡦㓲ஆ˥٩̩՗ᴟ㌪℀ơয়⬕ᕻˏᖤ℻Ҽ׈㡦 ௏ቂϫ̹ᓹơ*1Wơᴖ╾өʼᴺḑ⋣ⶦ⼟⨭რᄚ㡦ဪԺөʼ ᴺፒ৙௓ˏᖤږፒᣩដƢ Ø 4IPEBOIUUQXXXTIPEBOIRDPN Ø ;PPN&ZFIUUQXXX[PPNFZFPSH Ø

    *OUFSOFU$FOTVTIUUQJOUFSOFUDFOTVTCJUCVDLFUPSH
  24. None
  25. None
  26. None
  27. None
  28. None

  29. ⶳయΦϨᆲⰘ

  30. ሟᇌ␹ ⳽୷⭶ё ⋣⃳ ⳽ቛൻ #PUOFU #PUOFUሯᇜ

  31. ሟᇌ␹ ⳽୷⭶ё ⋣⃳ ⳽ቛൻ #PUOFU #PUOFUሯᇜ

  32. None
  33. None
  34. None
  35. None

  36. ጥମ▕㦖〔፽♉ᶲ⭉ጥコ㦖 Ø ⋣ⶦ⭶ёơ⳽୷⭶ё˥ፒ୷ө㐹㋵㡦ᴖ╾٩ⓗࡻ᨟⭶ ёௐ╿ӧβ╾Ө⋣Ƣ Ø *P5ḑዏ̧㡦ஔ㌱ơ₺࿵෇⪓⏀⨴٩⼙⋣㡦˥ፒ⩰ӧ βḑ㐹㋵Ƣ Ø ̹ᓹơஔˆᠮ⴦ḑ⭶ё㡦₳⃶ዅʵዅ෋ᮚӧஈ㡮

  37. Ўᐎࣞ ㏄᪪ᯓ ⶳጓำ Ϯᖱ Ўᐎࣞ Ўᐎࣞ ዗ኄ⓱

  38. Ўᐎࣞ ㏄᪪ᯓ ⶳጓำ Ϯᖱ Ўᐎࣞ Ўᐎࣞ ዗ኄ⓱

  39. Ўᐎࣞ ㏄᪪ᯓ ⶳጓำ Ϯᖱ Ўᐎࣞ Ўᐎࣞ ዗ኄ⓱

  40. 5BLFBXBZT Ø כୖ҆ϵ฾ཌྷ㡦୷ө຀ፄቭׁ฿ұ⼕୷⪓ Ø ٵ෇⭶ёḒፒ٩ⓗ࿜᨟ሟᇌṕᕵ㡦⴦ӧ˘խӔᏱ㉬ ⋣ⶦʲ୷өἤ₳ृگ㡦࿡ዅ╹⨭㋥㌡ᡄ⮜ทӻʲ⌀ Ø ̹ᓹ฿㏪՟ஂ⳽୷˱̳⢦᱙401㡦˂ʺ⬕֒˱խơ ˱ˆơ˱ทḑٵ㏧⢦᱙㏧ṕ㡦Νਗᣑ⼈ᡄ⮜ơ୷ө ᣬ␑ơቆͦ㈢ⱛ℻Ƣ

  41. 2"

  42. ⭈ֆⲄ፧㦑44-య֞

  43. None