Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OWT2017JP - OWASP Project Overview for Developers
Search
OWASP Japan
September 30, 2017
Technology
3.8k
11
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
OWT2017JP - OWASP Project Overview for Developers
#OWT2017JP
Opening Session by 上野宣, OWASP Japan
OWASP Japan
September 30, 2017
More Decks by OWASP Japan
See All by OWASP Japan
OWASP Night 2019.03 Tokyo
owaspjapan
0
400
OWASP SAMMを活用したセキュア開発の推進
owaspjapan
0
1.1k
20190107_AbuseCaseCheatSheet
owaspjapan
0
220
セキュリティ要求定義で使える非機能要求グレードとASVS
owaspjapan
5
1.2k
AWSクラスタに捧ぐウェブを衛っていく方法論と死なない程度の修羅場の価値
owaspjapan
9
3.5k
Shifting Left Like a Boss
owaspjapan
2
340
OWASP Top 10 and Your Web Apps
owaspjapan
2
430
OWASP Japan Proposal: Encouraging Japanese Translation
owaspjapan
1
300
elegance_of_OWASP_Top10_2017
owaspjapan
2
580
Other Decks in Technology
See All in Technology
公式ドキュメントの歩き方etc
coco_se
0
100
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
110k
「ちゃんとやっている」は独りよがりだった ― 不安に寄り添うインシデント対応へ / Towards incident response that addresses anxieties
chmikata
1
5.1k
Keeping applications secure by evolving OAuth 2.0 and OpenID Connect
ahus1
PRO
1
160
個人開発で育てる「大規模設計の苗床」 - AI時代の1人開発から始める業務への知識接続 / The Seedbed for Large-Scale Design - From AI-Era Solo Projects to Professional Knowledge
bitkey
PRO
0
170
「最後に責任を取るのはチーム」— 人間のPRレビューを最小化してアップデートしたメンタルモデル
jnishime_dresscode
0
600
完全自律ロボットを作りたくて、先に開発を自律させた話(ROS Japan UG #63 LT)
rryz09
0
510
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
410
ボーイスカウトルールでメモリやスキルを改善しよう
azukiazusa1
2
970
LLM/Agent評価:トップ営業の発言を「正解」にする 〜暗黙的正解による評価を営業資産に変える〜
takkuhiro
1
210
インフラと開発の垣根を超えていき!〜元AWSインフラエンジニアがAWS開発で奮闘している話〜
hatahata021
2
180
あなたの『Site』はどこですか? — xREという考え方
miyamu
0
1.2k
Featured
See All Featured
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
210
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.3k
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
220
Art, The Web, and Tiny UX
lynnandtonic
304
22k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
190
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.3k
The Curious Case for Waylosing
cassininazir
1
430
Being A Developer After 40
akosma
91
590k
Scaling GitHub
holman
464
140k
Docker and Python
trallard
47
3.9k
RailsConf 2023
tenderlove
30
1.5k
Imperfection Machines: The Place of Print at Facebook
scottboms
270
14k
Transcript
08"41ͷา͖ํ 085 08"41+BQBO $IBQUFS-FBEFS 4FO6&/0 08"411SPKFDU0WFSWJFX GPS%FWFMPQFST
08"411SPKFDU
'MBHTIJQ1SPKFDUT • 5PPMT – 08"41;FE"UUBDL1SPYZ – 08"418FC5FTUJOH&OWJSPONFOU1SPKFDU – 08"41085' –
08"41%FQFOEFODZ$IFDL – 08"414FDVSJUZ4IFQIFSE</FX> • $PEF – 08"41.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU – 08"41$43'(VBSE 1SPKFDU – 08"41"QQ4FOTPS 1SPKFDU • %PDVNFOUBUJPO – 08"41"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE1SPKFDU – 08"414PGUXBSF"TTVSBODF.BUVSJUZ.PEFM 4".. – 08"41"QQ4FOTPS 1SPKFDU – 08"415PQ5FO1SPKFDU – 08"415FTUJOH(VJEF1SPKFDU IUUQTXXXPXBTQPSHJOEFYQIQ08"41@1SPKFDU@*OWFOUPSZ'MBHTIJQ@1SPKFDUT
08"415PQ3$ • 8FCΞϓϦέʔγϣϯ੬ऑੑτοϓ 3$3FKFDUFE ݄Լ०ϦϦʔε༧ఆ
08"415PQGPS ຊޠ൛ΞϦ㽂
;"1 • ;"1 ;FE"UUBDL1SPYZ • 8FCΞϓϦέʔγϣϯ੬ऑੑεΩϟφʔ ຊޠ൛ΞϦ㽂
8FC5FTUJOH&OWJSPONFOU • ओʹ08"41ͷΞϓϦέʔγϣϯηΩϡϦςΟπʔϧͱυΩϡϝ ϯτͷ٧Ί߹Θͤ -JOVYEJTU • 08"41ͷ֤छϓϩδΣΫτ – πʔϧυΩϡϝϯτ –
08"41Ҏ֎ͷ8FCΞϓϦέʔγϣϯηΩϡϦςΟπʔϧऩ • *407.XBSF 7JSUVBM#PY 1BSBMMFMTɺ-JOVYύοέʔδͳͲͷ ܗࣜͰఏڙ – چ08"41-JWF$%
085' • 085' 0GGFOTJWF8FC5FTUJOH'SBNFXPSL – ࣗಈஅπʔϧ – 08"415FTUJOH(VJEF 15&4 UIF1FOFUSBUJPO5FTUJOH&YFDVUJPO
4UBOEBSE /*45
08"41%FQFOEFODZ$IFDL • 8FCΞϓϦέʔγϣϯͷத͔Β੬ऑੑͷ͋ΔίϯϙʔωϯτΛ ൃݟ͢ΔεΩϟφʔ – +BWB /&5ʹରԠ • 3VCZ /PEFKT
1ZUIPO $$ ࢼݧతͳରԠ
08"414FDVSJUZ4IFQIFSE • 8FCͱϞόΠϧͷΞϓϦέʔγϣϯηΩϡϦςΟͷͨΊͷτ Ϩʔχϯάπʔϧ – ηΩϡϦςΟΛֶͿͨΊͷϋϯζΦϯڥ – $5'ϞʔυɺΦʔϓϯϑϩΞϞʔυɺτʔφϝϯτϞʔυͳͲΛඋ͑Δ • 5FBDIJOH5PPMGPS"MM"QQMJDBUJPO4FDVSJUZ
• 8FC"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • .PCJMF"QQMJDBUJPO1FO5FTUJOH5SBJOJOH • 4BGF1MBZHSPVOEUP1SBDUJTF "QQ4FD 5FDIOJRVFT • 3FBM4FDVSJUZ3JTL&YBNQMFT
.PE4FDVSJUZ $PSF3VMF4FU1SPKFDU • .PE4FDVSJUZ – 0QFO4PVSDF8FC"QQMJDBUJPO'JSFXBMM • .PE4FDVSJUZ Ͱ͑Δϧʔϧηοτ –
1SPUPDPM7BMJEBUJPO – .BMJDJPVT$MJFOU*EFOUJGJDBUJPO – (FOFSJD"UUBDL4JHOBUVSFT – ,OPXO7VMOFSBCJMJUJFT4JHOBUVSFT – 5SPKBO#BDLEPPS"DDFTT – 0VUCPVOE%BUB-FBLBHF – "OUJ7JSVTBOE%P4 VUJMJUZTDSJQUT
$43'(VBSE 1SPKFDU • ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ $43' ରࡦϥΠϒϥϦ
"QQ4FOTPS 1SPKFDU • ΞϓϦέʔγϣϯϨΠϠʔʹର͢Δ৵ೖݕͱࣗಈԠͷͨΊͷ ϑϨʔϜϫʔΫ – ΞϓϦέʔγϣϯʹޚΛ࣮͢Δ • ݕग़ –
Ҏ্ͷݕग़ϙΠϯτͰ߈ܸΛݕ • Ԡ – ߈ܸΛݕग़ͨ͠ޙͷΞΫγϣϯ – ϢʔβʔͷϩάΞτɺΞΧϯτϩοΫɺཧऀͷ௨ͳͲ • ΞϓϦέʔγϣϯͷޚ
"QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE 1SPKFDU • "474 "QQMJDBUJPO4FDVSJUZ7FSJGJDBUJPO4UBOEBSE • ΞϓϦέʔγϣϯͷηΩϡϦςΟධՁͷͨΊͷݕࠪඪ४ – ࣗಈ·ͨखಈͷηΩϡϦςΟςετٴͼίʔυϨϏϡʔํࣜͷཁ݅
• -W0QQPSUVOJTUJD • -W4UBOEBSE • -W"EWBODFE ຊޠ൛ΞϦ㽂
4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM • 4".. 4PGUXBSF"TTVSBODF.BUVSJUZ.PEFM ɿιϑτΣΞ ηΩϡϦςΟอোख़Ϟσϧ • ϦεΫʹ߹ΘͤͨιϑτΣΞηΩϡϦςΟઓུΛ࣮͢ΔͨΊ ͷϑϨʔϜϫʔΫ ຊޠ൛ΞϦ㽂
5FTUJOH(VJEF • 8FCαΠτʗΞϓϦέʔγϣϯͷςετΨΠυɺશϖʔδ ʢ7FSʣ • ֤੬ऑੑɺػೳผͷςετํ๏ – *OGPSNBUJPO(BUIFSJOH $POGJHVSBUJPO.BOBHFNFOU5FTUJOH
"VUIFOUJDBUJPO5FTUJOH 4FTTJPO.BOBHFNFOU "VUIPSJ[BUJPO 5FTUJOH #VTJOFTTMPHJDUFTUJOH %BUB7BMJEBUJPO5FTUJOH %P4 5FTUJOH 8FC4FSWJDFT5FTUJOH "+"95FTUJOH
8FCγεςϜʗ8FCΞϓϦέʔγϣϯ ηΩϡϦςΟཁ݅ॻ • 8FCγεςϜʗ8FCΞϓϦέʔγϣϯ։ൃͷͨΊͷཁ݅ఆٛॻ – ҰൠతʹΓࠐΉ͖ηΩϡϦςΟཁ݅ఆٛॻ – ։ൃݴޠϑϨʔϜϫʔΫʹґଘ͠ͳ͍ • 08"41+BQBOηΩϡϦςΟཁ݅ఆٛॻ8(
੬ऑੑஅ࢜εΩϧϚοϓϓϩδΣΫτ • ੬ऑੑஅΛߦ͏ݸਓͷٕज़తͳೳྗΛ۩ମతʹ͢Δ • ੬ऑੑஅΛߦ͏ٕज़ऀʢҎԼɺ੬ऑੑஅ࢜ʣͷεΩϧϚοϓ ͱֶशͷࢦͱͳΔγϥόεɺ੬ऑੑஅΛߦ͏ͨΊͷΨΠυϥ ΠϯͳͲΛඋ • *40(+ͱ08"41 +BQBOͷڞಉ8(
8FCΞϓϦέʔγϣϯ੬ऑੑஅΨΠυϥΠϯ • खಈஅิॿπʔϧΛͬͨ8FCΞϓϦέʔγϣϯ੬ऑੑஅ ʹ༻͢ΔΨΠυϥΠϯ – 42-J 944ͳͲͷ۩ମతͳஅύλʔϯ
੬ऑੑஅ ॳ৺ऀϋϯζΦϯτϨʔχϯά • ݄ ։࠵ • ืूਓ໊ <͢Ͱʹຬ੮> IUUQTQFOUFTUXFCDPOOQBTTDPNFWFOU
օ͞ΜͷڠྗͰΓཱ͍ͬͯ·͢ • ຊޠ൛͕ͳ͍ϓϩδΣΫτ͍͔ͭ͘ • ఀ͍ͯ͠ΔϓϩδΣΫτ͍͔ͭ͘ • ϘϥϯςΟΞͷྗΛඞཁͱ͍ͯ͠·͢
+PJOVT