OWASP ZAP: Basic Usage

Jun Matsumoto
September 04, 2017

2017/9/2 OWASP Kansai local chapter meeting
A brief introduction to basic OWASP ZAP usage, using a deliberately vulnerable practice server (OWASP BWA)


Transcript

  1. Kali Linux • https://www.kali.org
     OWASP ZAP • https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
     OWASP ZAP • https://docs.google.com/file/d/…
     OWASP BWA … • https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
     VirtualBox • https://www.virtualbox.org
     …: Kali Linux ZAP …
     OWASP Kansai / Jun Matsumoto
  3. http://gihyo.jp/dev/column/newyear/2016/owasp
  4. ZAP … URL … URL …
  5. OWASP ZAP … > Kali Linux > Top 10 Security Tools > owasp zap
  6. Local proxy … Address, Port … 127.0.0.1:8080
  7. Kali Linux … Iceweasel … Iceweasel
  8. Edit > Preferences … Alt … > Preferences
  9. Manual proxy configuration: … HTTP Proxy, HTTPS Proxy … ZAP IP, Port
  10. ZAP … ZAP … Save, Load …
  11. Exclude from Proxy … OK
  12. ZAP …
  13. http://192.168.…/dvwa • ID:admin PW:admin
  14. ZAP … SQL … OS … XSS … CSRF …
  15. Command Execution … 192.168.0.254; pwd
  16. SQL Injection, SQL Injection (Blind) … User ID … or 1=1
  17. URL … ZAP … URL …
  18. DVWA … http://192.168.…/dvwa • Script Security: low • Command Execution, SQL Injection, XSS reflected … ZAP …
  19. URL … http://192.168.…/dvwa …
  20. URL …
  21. OS … /etc/passwd
  22. IPA … http://www.ipa.go.jp/security/vuln/fuzzing.html
  23. ZAP … jbrofuzz: … fuzzdb: …
  24. Fuzzdb files …
  25. URL …
  26. 1 • id=1 … 1 … Fuzz
  27. 2 • id=1 … 1 … Fuzz
  28. Fuzz … jbrofuzz: SQL Injection, fuzzdb-1.09/attack-payloads/sql-injection/detect … Fuzz … Fuzz …
  29. Fuzzer … State=Reflected … XSS … a, 1 …
  30. State=Reflected, Size … SQL Injection … SQL
  31. … or 1=1 … DB …
  32. Cross Site Scripting, SQL Injection …
  33. ZAP • Web … ID, Pass … or … ID, Pass • ZAP …
  34. OWASP BWA BodgeIt … http://192.168.…/bodgeit
  35. http://192.168.…/bodgeit … Include in Context 1 • OK
  36. URL regexs … URL
  37. POST … POST • Flag as Context 1: form based Auth Login request
  38. Username Parameter: …, Password Parameter: … username, password
  39. Flag as Context 1: Authentication Logged in indicator … Authentication Logged out indicator … Guest ID
  40. Regex pattern identified in Logged In response messages: …
  41. Contexts 1 Users … Add User: Name, Username, Password
  42. Forced User … 1 …
  43. https://www.owasp.org/index.php/Pentester_Skillmap_Project_JP