Upgrade to Pro — share decks privately, control downloads, hide ads and more …

既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec

Avatar for Tomoyuki KOYAMA Tomoyuki KOYAMA
May 05, 2018
Technology
0
180

既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec

学生LT#11, @DMM

Avatar for Tomoyuki KOYAMA

Tomoyuki KOYAMA

May 05, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
Avatar for Tomoyuki KOYAMA tomoyk
0
86
Log message with JSON item count for root cause analysis in microservices
Avatar for Tomoyuki KOYAMA tomoyk
1
200
Distributed Log Search Based on Time Series Access and Service Relations
Avatar for Tomoyuki KOYAMA tomoyk
0
330
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
Avatar for Tomoyuki KOYAMA tomoyk
0
420
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
Avatar for Tomoyuki KOYAMA tomoyk
2
920
この先生きのこるための学び方 / how-to-learn-tech
Avatar for Tomoyuki KOYAMA tomoyk
1
390
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
Avatar for Tomoyuki KOYAMA tomoyk
1
180
パケットを覗いてみよう / Packet workshop for beginners
Avatar for Tomoyuki KOYAMA tomoyk
0
340
XSSの入力値を調べてみた / searching xss insertion value
Avatar for Tomoyuki KOYAMA tomoyk
3
1.5k

Other Decks in Technology

See All in Technology
テストを軸にした生き残り術
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
210
Snowflake×dbtを用いたテレシーのデータ基盤のこれまでとこれから
Avatar for Sagara sagara
0
120
Claude Code でアプリ開発をオートパイロットにするためのTips集 Zennの場合 / Claude Code Tips in Zenn
Avatar for Yusuke Wada wadayusuke
5
840
roppongirb_20250911
Avatar for Kuniaki IGARASHI igaiga
1
240
実践!カスタムインストラクション&スラッシュコマンド
Avatar for puku0x puku0x
0
520
Snowflake Intelligence × Document AIで“使いにくいデータ”を“使えるデータ”に
Avatar for Kosaku Ono kevinrobot34
1
110
Webアプリケーションにオブザーバビリティを実装するRust入門ガイド
Avatar for nwiizo nwiizo
7
880
「どこから読む?」コードとカルチャーに最速で馴染むための実践ガイド
Avatar for ZOZO Developers zozotech
PRO
0
550
Android Audio: Beyond Winning On It
Avatar for Atsushi Eno atsushieno
0
2.4k
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
6
380k
プラットフォーム転換期におけるGitHub Copilot活用〜Coding agentがそれを加速するか〜 / Leveraging GitHub Copilot During Platform Transition Periods
Avatar for AEON aeonpeople
1
230
Codeful Serverless / 一人運用でもやり抜く力
Avatar for kensh _kensh
7
450

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
160
23k
Designing for Performance
Avatar for Lara Hogan lara
610
69k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
30
9.7k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
72
11k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
33
2.4k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
339
57k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
96
6.2k
Navigating Team Friction
Avatar for Lara Hogan lara
189
15k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
9.9k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
279
23k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.1k

Transcript

  1. طଘͷ8FCΞϓϦΛ
 ηΩϡΞʹ͢ΔͨΊʹ
 ΍ͬͨ͜ͱ  5PNPZVLJ,0:"." ֶੜ-5

  2. ࣗݾ঺հ w /BNFίϠϚτϞϢΩ w (SBEFཧ޻ܥେֶ# w 5XJUUFS!UNZL@LZN w #MPHIUUQTCMPHLPZBNBNF w

    5BHT/FUXPSL8FC4FSWFS4FDVSJUZ

  3. ҳൠͷޡՈఉ ϠϑΦΫͰதݹͷωοτϫʔΫػثΛߪೖ

  4. ۙگ w ٕज़ॻయʹߦͬͨ w ొ࿥ηΩεϖΛड͚ͨ w ๭IBDLʹམͪͨ w ֶੜ-5ʹؒʹ߹ͬͨɹˡ/&8

  5. 8FCηΩϡϦςΟ
 ͷجૅ

  6. 944 w ΫϩεɾαΠτɾεΫϦϓςΟϯά w )5.-಺ʹεΫϦϓτ͕ૠೖ͞ΕΔ͜ͱͰɺ೚ ҙͷॲཧ͕࣮ߦ͞ΕΔ w $8&*NQSPQFS/FVUSBMJ[BUJPOPG*OQVU %VSJOH8FC1BHF(FOFSBUJPO $SPTTTJUF

    4DSJQUJOH   

  7. 944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF

    IIFMMPI ม਺@(&5<bNPEF`>ʹIFMMP͕ઃఆ͞Ε͍ͯΔͱʜ 4BGF

  8. 944 EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF I QIQFDIP@(&5<NPEF> I EPDUZQFIUNM NFUBDIBSTFUVUG UJUMF9444BNQMFUJUMF

    ITDSJQUBMFSU TDSJQUI ม਺@(&5<bNPEF`>ʹTDSJQUBMFSU TDSJQU͕
 ઃఆ͞Ε͍ͯΔͱʜ VO4BGF

  9. 'SBNF8PSLʹཔΔͱʜ w 'SBNF8PSL͕ࣗಈͰΤεέʔϓͯ͘͠ΕΔ w ηΩϡϦςΟΛҙࣝͤͣʹ։ൃՄ w 3VCZPO3BJMT 'MBTL $BLF1)1 FUDʜ

  10. طଘͷ8FCΞϓϦΛ
 ηΩϡΞʹ͢ΔͨΊʹ
 ΍ͬͨ͜ͱ

  11. ܦҢ w ͱ͋Δ8FCΞϓϦ ൿ఻ͷιʔε Λಈ͔͢ґཔΛ ड͚Δ w ѻ͏σʔλ͸ݸਓ৘ใ w ηΩϡϦςΟΛݟ௚ͯ͠Έͨ

  12. ΍ͬͨ͜ͱ

  13. 44-Խ w )551ˠ)5514 w 44-ূ໌ॻΛ-FU`T&ODSZQUͰऔಘ w ैདྷ͸ݸਓ৘ใΛฏจͰ΍ΓऔΓ

  14. ͓͠·͍

  15. ΍ͬͨ͜ͱ w ॳڃ w 44-Խ w தڃ w ্ڃ

  16. ΍ͬͨ͜ͱதڃ w $PPLJF΁IUUQPOMZଐੑ TFDVSFଐੑΛ෇༩ w Ϩεϙϯεϔομ΁ҎԼΛ෇༩ w 99441SPUFDUJPONPEFCMPDL w 9'SBNF0QUJPOT4".&03*(*/

    w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎

  17. $PPLJF΁IUUQPOMZଐੑ  TFDVSFଐੑΛ෇༩

  18. 99441SPUFDUJPO NPEFCMPDL w 8FCϒϥ΢βͷ944ϑΟϧλʔΛڧ੍0/ w 944Λݕ஌͢ΔͱϒϩοΫ͢Δ IUUQFYBNQMFDPNTFBSDI TDSJQUBMFSU TDSJQU

  19. 9'SBNF0QUJPOT
 9$POUFOU5ZQF0QUJPOT w 9'SBNF0QUJPOT4".&03*(*/ w ΫϦοΫɾδϟοΩϯάରࡦ
 JGSBNFͰͷผαΠτ͔ΒຒΊࠐΈΛېࢭ  w 9$POUFOU5ZQF0QUJPOTOPTOJ⒎

    w FͷΞΠίϯͳϒϥ΢βͰͷ944Λ๷ࢭ

  20. ΍ͬͨ͜ͱ্ڃ w ηογϣϯɾλΠϜΞ΢τ w Ϩεϙϯεϔομ΁ҎԼΛ෇༩ w $BDIF$POUSPMQSJWBUF OPTUPSF w 4USJDU5SBOTQPSU4FDVSJUZNBY

    BHFJODMVEF4VCEPNBJOT

  21. ηογϣϯɾλΠϜΞ΢τ $PPLJFͷ&YQJSFଐੑͰ༗ޮظݶΛઃఆ

  22. $BDIF$POUSPM
 QSJWBUF OPTUPSF w ϚΠϖʔδ ݸਓ৘ใ ͳͲΛ1SPYZ$%/ͰΩϟο γϡͰอ࣋͠ͳ͍ w ࢀߟʮϝϧΧϦɹݸਓ৘ใྲྀग़ʯ

  23. 4USJDU5SBOTQPSU4FDVSJUZNBY BHFJODMVEF4VCEPNBJOT w )454 )5514USJDU5SBOTQPSU4FDVSJUZ  w IUUQˠIUUQT΁ஔ͖׵͑ͯϦΫΤετΛૹ৴ w <T><EBZ>

  24. ·ͱΊ w 8FCΞϓϦΛެ։͢Δͱ͖͸44-Խ͠Α͏ w $PPLJF΍Ϩεϙϯεɾϔομʹ஫ҙ͠Α͏ w ແঈεΩϟφͷ08"41;"1͸Φεεϝ

  25. ݁Ռ

  26. ΍Γ͕͍(&5 ใु;&30

  27. ࡉ͔͍͜ͱ͸࠙਌ձͰ ั·͑ͯฉ͍ͯω 5IBOLT