Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Are you content with our current attacks on Con...
Search
GMO Flatt Security
August 05, 2024
2
340
Are you content with our current attacks on Content-Type?
A presentation for BSides Las Vegas 2024.
GMO Flatt Security
August 05, 2024
Tweet
Share
More Decks by GMO Flatt Security
See All by GMO Flatt Security
アプリケーション固有の「ロジックの脆弱性」を防ぐ開発者のためのセキュリティ観点
flatt_security
28
11k
開発組織のための セキュアコーディング研修の始め方
flatt_security
5
3.4k
GMO Flatt SecurityにおけるKubernetesセキュリティ診断について
flatt_security
0
110
Flatt Security XSS Challenge 解答・解説
flatt_security
0
1.6k
GMO Flatt Security 会社紹介資料
flatt_security
0
8.5k
codeblue_2024_opentalks.pdf
flatt_security
0
110
開発生産性をむしろ向上させる セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
1.1k
XSS using dirty Content Type in cloud era
flatt_security
2
16k
「企画力」次第でテックブログのネタは尽きない / How to plan a tech blog
flatt_security
3
690
Featured
See All Featured
Adopting Sorbet at Scale
ufuk
75
9.3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.2k
RailsConf 2023
tenderlove
29
1k
The Cult of Friendly URLs
andyhume
78
6.3k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Building an army of robots
kneath
304
45k
Why Our Code Smells
bkeepers
PRO
336
57k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.3k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.6k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
102
18k
Visualization
eitanlees
146
16k
Transcript
"SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF B[BSB !B@[BSB@O FJ !FJ 'MBUU4FDVSJUZJOD
6OFYQFDUFEQBUIGSPN)551SFTQPOTF VOFYQFDUFEBUUBDLQBUI
4FMGJOUSPEVDUJPOFJ &JKJ.PSJFJ 9!FJ 'MBUU4FDVSJUZJOD .VTDMF#SBJO
/PSJIJEF4BJUPB[BSB 9!B@[BSB@O 'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB IUUQTNJTDB[BSBKQ3&"%.&
5PQJDT
8IBUJT$POUFOU5ZQF 0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB $POUFOU5ZQF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF 'PSHPUWBMJEBUJPO
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
#VH#PVOUZQSPHSBNSFTFBSDI
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PWBMJEBUJPO
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PUVTJOH4
%JTDPWFSZJO#VH#PVOUZQSPHSBN "DDVSBUFWBMJEBUJPO
044SFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨
/PWBMJEBUJPO
/PWBMJEBUJPOJO)551SFRVFTU
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 6TFEJSFDUWBMVFT
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 7BMJEBUJPO GSPOUFOEPOMZ
/PWBMJEBUJPO&YBNQMF 6QMPBE UFYUIUNM
/PWBMJEBUJPOJO)551SFTQPOTF
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO (FU UFYUIUNM
7BMJEBUJPOCZQBTT
7BMJEBUJPOCZQBTTJO)551SFRVFTU
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
#ZQBTTQBUUFSOT Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)
text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7& #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTTJO)551SFTQPOTF
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT&MFDUSPO
7BMJEBUJPOCZQBTT&MFDUSPO #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO #ZQBTT UFYUIUNMQEG
.JUJHBUJPOT
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
5IBOLZPVWFSZNVDIGPSMJTUFOJOH
3FGFSFODFT
◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦
$BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF
23DPEF IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF
#ZQBTTUFDIOJRVF IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB
'"2
9445ISFBUT 4UPSFE944
&TTFOUJBM5IJOHT /PWBMJEBUJPO