Upgrade to Pro — share decks privately, control downloads, hide ads and more …

既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec

Avatar for Tomoyuki KOYAMA Tomoyuki KOYAMA
May 05, 2018
Technology
0
170

既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec

学生LT#11, @DMM
Avatar for Tomoyuki KOYAMA

Tomoyuki KOYAMA

May 05, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
Avatar for Tomoyuki KOYAMA tomoyk
0
73
Log message with JSON item count for root cause analysis in microservices
Avatar for Tomoyuki KOYAMA tomoyk
0
180
Distributed Log Search Based on Time Series Access and Service Relations
Avatar for Tomoyuki KOYAMA tomoyk
0
310
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
Avatar for Tomoyuki KOYAMA tomoyk
0
390
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
Avatar for Tomoyuki KOYAMA tomoyk
2
860
この先生きのこるための学び方 / how-to-learn-tech
Avatar for Tomoyuki KOYAMA tomoyk
1
370
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
Avatar for Tomoyuki KOYAMA tomoyk
1
170
パケットを覗いてみよう / Packet workshop for beginners
Avatar for Tomoyuki KOYAMA tomoyk
0
320
XSSの入力値を調べてみた / searching xss insertion value
Avatar for Tomoyuki KOYAMA tomoyk
3
1.4k

Other Decks in Technology

See All in Technology
VitePress & MCPでアプリ仕様のオープン化に挑戦する
Avatar for Hal hal_spidernight
0
100
CARTA HOLDINGS エンジニア向け 採用ピッチ資料 / CARTA-GUIDE-for-Engineers
Avatar for CARTA Engineering carta_engineering
0
27k
さくらのクラウド開発の裏側
Avatar for metakoma metakoma
PRO
7
2.8k
20250514 1Passwordを使い倒す道場 vol.1
Avatar for Takumi Abe east_takumi
0
110
名単体テスト 禁断の傀儡(モック)
Avatar for iwamot iwamot
PRO
1
250
Part2 GitHub Copilotってなんだろう
Avatar for tomokusaba tomokusaba
2
790
Azure × MCP 入門
Avatar for Ryosuke Hyakuta ry0y4n
8
1.7k
続・やっぱり余白が大切だった話
Avatar for KAKEHASHI kakehashi
PRO
3
320
SaaS公式MCPサーバーをリリースして得た学び
Avatar for ryo kawamataryo
4
1.2k
Gateway H2 モジュールで
スマートホーム入門
Avatar for MinoruInachi minoruinachi
0
140
Coding Agentに値札を付けろ
Avatar for watany watany
3
490
20 Years of Domain-Driven Design: What I’ve Learned About DDD
Avatar for Eberhard Wolff ewolff
1
350

Featured

See All Featured
Building an army of robots
Avatar for Kyle Neath kneath
305
45k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
420
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.5k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
3.8k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
56
9.4k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
298
20k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
187
11k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
60k
It's Worth the Effort
Avatar for 3n 3n
184
28k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
613
210k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.6k

Transcript

  1. طଘͷ8FCΞϓϦΛ
 ηΩϡΞʹ͢ΔͨΊʹ
 ΍ͬͨ͜ͱ  5PNPZVLJ,0:"." ֶੜ-5

  2. ࣗݾ঺հ w /BNFίϠϚτϞϢΩ w (SBEFཧ޻ܥେֶ# w 5XJUUFS!UNZL@LZN w #MPHIUUQTCMPHLPZBNBNF w

    5BHT/FUXPSL8FC4FSWFS4FDVSJUZ

  3. ҳൠͷޡՈఉ ϠϑΦΫͰதݹͷωοτϫʔΫػثΛߪೖ

  4. ۙگ w ٕज़ॻయʹߦͬͨ w ొ࿥ηΩεϖΛड͚ͨ w ๭IBDLʹམͪͨ w ֶੜ-5ʹؒʹ߹ͬͨɹˡ/&8

  5. 8FCηΩϡϦςΟ
 ͷجૅ

  6. 944 w ΫϩεɾαΠτɾεΫϦϓςΟϯά w )5.-಺ʹεΫϦϓτ͕ૠೖ͞ΕΔ͜ͱͰɺ೚ ҙͷॲཧ͕࣮ߦ͞ΕΔ w $8&*NQSPQFS/FVUSBMJ[BUJPOPG*OQVU %VSJOH8FC1BHF(FOFSBUJPO $SPTTTJUF

    4DSJQUJOH   

  7. 944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF

    IIFMMPI ม਺@(&5<bNPEF`>ʹIFMMP͕ઃఆ͞Ε͍ͯΔͱʜ 4BGF

  8. 944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF

    ITDSJQUBMFSU TDSJQUI ม਺@(&5<bNPEF`>ʹTDSJQUBMFSU TDSJQU͕
 ઃఆ͞Ε͍ͯΔͱʜ VO4BGF

  9. 'SBNF8PSLʹཔΔͱʜ w 'SBNF8PSL͕ࣗಈͰΤεέʔϓͯ͘͠ΕΔ w ηΩϡϦςΟΛҙࣝͤͣʹ։ൃՄ w 3VCZPO3BJMT 'MBTL $BLF1)1 FUDʜ

  10. طଘͷ8FCΞϓϦΛ
 ηΩϡΞʹ͢ΔͨΊʹ
 ΍ͬͨ͜ͱ

  11. ܦҢ w ͱ͋Δ8FCΞϓϦ ൿ఻ͷιʔε Λಈ͔͢ґཔΛ ड͚Δ w ѻ͏σʔλ͸ݸਓ৘ใ w ηΩϡϦςΟΛݟ௚ͯ͠Έͨ

  12. ΍ͬͨ͜ͱ

  13. 44-Խ w )551ˠ)5514 w 44-ূ໌ॻΛ-FU`T&ODSZQUͰऔಘ w ैདྷ͸ݸਓ৘ใΛฏจͰ΍ΓऔΓ

  14. ͓͠·͍

  15. ΍ͬͨ͜ͱ w ॳڃ w 44-Խ w தڃ w ্ڃ

  16. ΍ͬͨ͜ͱதڃ w $PPLJF΁IUUQPOMZଐੑ TFDVSFଐੑΛ෇༩ w Ϩεϙϯεϔομ΁ҎԼΛ෇༩ w 99441SPUFDUJPONPEFCMPDL w 9'SBNF0QUJPOT4".&03*(*/

    w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎

  17. $PPLJF΁IUUQPOMZଐੑ  TFDVSFଐੑΛ෇༩

  18. 99441SPUFDUJPO NPEFCMPDL w 8FCϒϥ΢βͷ944ϑΟϧλʔΛڧ੍0/ w 944Λݕ஌͢ΔͱϒϩοΫ͢Δ IUUQFYBNQMFDPNTFBSDI TDSJQUBMFSU TDSJQU

  19. 9'SBNF0QUJPOT
 9$POUFOU5ZQF0QUJPOT w 9'SBNF0QUJPOT4".&03*(*/ w ΫϦοΫɾδϟοΩϯάରࡦ
 JGSBNFͰͷผαΠτ͔ΒຒΊࠐΈΛېࢭ  w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎

    w FͷΞΠίϯͳϒϥ΢βͰͷ944Λ๷ࢭ

  20. ΍ͬͨ͜ͱ্ڃ w ηογϣϯɾλΠϜΞ΢τ w Ϩεϙϯεϔομ΁ҎԼΛ෇༩ w $BDIF$POUSPMQSJWBUF OPTUPSF w 4USJDU5SBOTQPSU4FDVSJUZNBY

    BHFJODMVEF4VCEPNBJOT

  21. ηογϣϯɾλΠϜΞ΢τ $PPLJFͷ&YQJSFଐੑͰ༗ޮظݶΛઃఆ

  22. $BDIF$POUSPM
 QSJWBUF OPTUPSF w ϚΠϖʔδ ݸਓ৘ใ ͳͲΛ1SPYZ$%/ͰΩϟο γϡͰอ࣋͠ͳ͍ w ࢀߟʮϝϧΧϦɹݸਓ৘ใྲྀग़ʯ

  23. 4USJDU5SBOTQPSU4FDVSJUZNBY BHFJODMVEF4VCEPNBJOT w )454 )5514USJDU5SBOTQPSU4FDVSJUZ  w IUUQˠIUUQT΁ஔ͖׵͑ͯϦΫΤετΛૹ৴ w <T><EBZ>

  24. ·ͱΊ w 8FCΞϓϦΛެ։͢Δͱ͖͸44-Խ͠Α͏ w $PPLJF΍Ϩεϙϯεɾϔομʹ஫ҙ͠Α͏ w ແঈεΩϟφͷ08"41;"1͸Φεεϝ

  25. ݁Ռ

  26. ΍Γ͕͍(&5 ใु;&30

  27. ࡉ͔͍͜ͱ͸࠙਌ձͰ ั·͑ͯฉ͍ͯω 5IBOLT