第0回ワススタ!! #wasbookを読もう (Wassta #0: let's read #wasbook) / Web Application Security Study, #wassta
Who are you? • @tnantoka • bornneet.com • JavaScript • looseleaf • jsany • Node
#wasbook? • the web application security book by @ockeghem (Hiroshi Tokumaru) • … • http://zapanet.info/blog/item/2128
Book contents • 1: What is a web application vulnerability? • 2: Setting up the practice environment • 3: Web security basics (HTTP, session management, same-origin policy) • 4: Security bugs by web application feature • 5: Typical security functions • 6: Character encoding and security • 7: Vulnerability countermeasures for mobile-phone web applications • 8: Raising the security level of a web site • 9: Development management for secure web applications
Let's start! (※ #wasbook, blog.bornneet.com)
Index • Chapter 1 • Chapter 2 • Chapter 3: HTTP, Session, Same origin policy • Appendix
Chapter 1: Vulnerability
• “ ”
• check & fix
Chapter 2: Setup
for Windows • #wasbook (the book's practice environment is a VMware virtual machine; VMware Player runs it on Windows)
for Mac • #wasbook on a Mac • http://blog.bornneet.com/Entry/306/ • @ockeghem replied
VMware Fusion 3 • 30-day trial • about 4,000 yen • http://www.act2.com/products/fusion3.html
Local proxy • intercept and edit HTTP requests and responses between browser and server • Tamper Data (Firefox add-on)
Chapter 3: Basis
HTTP
HTTP: the client sends an HTTP Request to the server; the server returns an HTTP Response.
HTTP Request (every line ends with CRLF, "\r\n"; an empty line ends the headers):
    GET /index.html HTTP/1.1
    Host: www.bornneet.com
    User-Agent: Mozilla/5.0 (Macintosh; ... Firefox/4.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: ja,en-us;q=0.7,en;q=0.3
    Accept-Encoding: gzip, deflate
    Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Cookie: ...

HTTP Response:
    HTTP/1.1 200 OK
    Date: Mon, 11 Apr 2011 14:03:03 GMT
    Server: Apache
    X-Powered-By: ModLayout/3.2.1
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
    Content-Encoding: gzip
    Content-Length: 41

    <html><body>Hello, wasbook!</body></html>
(Illustrative: with Content-Encoding: gzip the 41 bytes on the wire would be the compressed body, not the literal HTML shown. Server and X-Powered-By announce the server software and version; many sites suppress them.)
Status code • 2XX: success • 3XX: redirection • 4XX: client error • 5XX: server error
Headers • User-Agent • Content-Type • Content-Length • Set-Cookie • Cookie • and more...
Version • HTTP 1.0 • HTTP 1.1: Host header required, keep-alive (persistent connections), chunked transfer encoding • and more...
Method • GET: parameters travel in the query string, i.e. as part of the URI (so they end up in server logs, Referer headers and browser history) • POST: parameters travel in the request body • PUT • DELETE
• Request • …
REST vs SOAP • REST: each resource has its own URI and the HTTP methods are the operations on it, “Web ” • SOAP: every call is tunnelled through POST
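The request/response pair on the slides, parsed by a small HTTP/1.1 message parser. This is an added example for the reading group, not code from the deck or from #wasbook; the two sample messages are transcribed from the slides (header lists shortened, and the response's gzip header left out so that Content-Length matches the literal HTML body the slide shows). Besides splitting the start line, headers and body, it applies the framing checks a careful server or proxy makes: Host is mandatory in HTTP/1.1, Content-Length must be a single consistent number that matches the body, and it must not be combined with Transfer-Encoding (chunked), since two ways of delimiting the same body is exactly what request smuggling exploits.

```javascript
// Constructed sample messages, transcribed from the deck's slides.
const SAMPLE_REQUEST =
  'GET /index.html HTTP/1.1\r\n' +
  'Host: www.bornneet.com\r\n' +
  'User-Agent: Mozilla/5.0 (Macintosh; ... Firefox/4.0\r\n' +
  'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n' +
  'Accept-Language: ja,en-us;q=0.7,en;q=0.3\r\n' +
  'Keep-Alive: 115\r\n' +
  'Connection: keep-alive\r\n' +
  '\r\n';

const SAMPLE_RESPONSE =
  'HTTP/1.1 200 OK\r\n' +
  'Date: Mon, 11 Apr 2011 14:03:03 GMT\r\n' +
  'Server: Apache\r\n' +
  'Cache-Control: no-cache\r\n' +
  'Connection: close\r\n' +
  'Content-Type: text/html\r\n' +
  'Content-Length: 41\r\n' +
  '\r\n' +
  '<html><body>Hello, wasbook!</body></html>';

const HTTP_VERSION = /^HTTP\/\d\.\d$/;

// Parse one HTTP/1.x message (request or response) from its raw text.
function parseHttpMessage(raw) {
  const end = raw.indexOf('\r\n\r\n');
  if (end === -1) throw new Error('incomplete message: no blank line after the headers');
  const lines = raw.slice(0, end).split('\r\n');
  const body = raw.slice(end + 4);

  // Header names are case-insensitive. Repeated headers are kept as a list rather
  // than silently overwritten, so the framing check below can see duplicates.
  const headers = {};
  for (const line of lines.slice(1)) {
    const colon = line.indexOf(':');
    const name = line.slice(0, colon);
    if (colon < 1 || /\s/.test(name)) throw new Error('malformed header line: ' + JSON.stringify(line));
    const key = name.toLowerCase();
    (headers[key] = headers[key] || []).push(line.slice(colon + 1).trim());
  }

  const msg = { headers, body };
  const start = lines[0].split(' ');
  if (HTTP_VERSION.test(start[0])) {
    // Status line: HTTP/1.1 200 OK
    if (!/^[1-5]\d\d$/.test(start[1])) throw new Error('bad status line: ' + lines[0]);
    msg.kind = 'response';
    msg.version = start[0];
    msg.status = Number(start[1]);
    msg.reason = start.slice(2).join(' ');
  } else {
    // Request line: GET /index.html HTTP/1.1
    if (start.length !== 3 || !HTTP_VERSION.test(start[2])) throw new Error('bad request line: ' + lines[0]);
    msg.kind = 'request';
    [msg.method, msg.target, msg.version] = start;
    // HTTP/1.1 made Host mandatory: one IP address can serve many host names.
    if (msg.version === 'HTTP/1.1' && !headers.host) throw new Error('HTTP/1.1 request without Host');
  }

  // Body framing: Content-Length must be one consistent number, must match the
  // bytes actually present, and must not be combined with Transfer-Encoding.
  const lengths = headers['content-length'] || [];
  if (lengths.length > 0) {
    if (headers['transfer-encoding']) throw new Error('both Content-Length and Transfer-Encoding present');
    if (new Set(lengths).size !== 1 || !/^\d+$/.test(lengths[0])) {
      throw new Error('conflicting or invalid Content-Length: ' + lengths.join(', '));
    }
    const declared = Number(lengths[0]);
    const actual = Buffer.byteLength(body);
    if (declared !== actual) throw new Error(`Content-Length says ${declared} bytes, body has ${actual}`);
  }
  return msg;
}
```

The parser is deliberately strict where real servers are often lenient (whitespace before the colon, duplicate Content-Length); that leniency, and disagreement about it between a front-end proxy and a back-end server, is the usual root of smuggling bugs.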
Session
Stateless: the client (@tnantoka) sends an HTTP Request and the server answers @tnantoka with an HTTP Response; on the next HTTP Request the server has no memory of who sent it, so every request starts from scratch.
Cookie: the client (@tnantoka) sends an HTTP Request; the server creates a session (SessionID 123abc ↔ @tnantoka) and returns an HTTP Response carrying Set-Cookie: 123abc.
On the next HTTP Request the client sends Cookie: 123abc; the server looks up SessionID 123abc... and knows it is @tnantoka! before returning the HTTP Response.
Session ID • must not be guessable && must not be obtainable by a third party && must not be forceable on the victim (session fixation) • carried in a Cookie • Secure, HttpOnly... attributes
• Basic authentication • the credentials are only base64-encoded, not encrypted, and are resent with every request • so use it over SSL only
same origin policy
Sandbox • the browser runs JavaScript in a sandbox
Same origin policy • JavaScript may only read documents of the same origin • origin = FQDN + Scheme + Port number
Cross-domain • <script> • <img> • <frame> • <form> • a src= pointing at another origin is allowed; these tags load cross-domain resources, but script still cannot read what another origin returned
• http://hamachiya.com/junk/cj.html (clickjacking demo) • X-Frame-Options • it must be sent as an HTTP response header; written as a <meta> tag it does nothing
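The origin comparison and the X-Frame-Options decision from the two slides above, as an added example (not code from the deck; the bornneet.com and hamachiya.com URLs in the test cases are taken from the slides, everything else is constructed). originDiff reports which of scheme, host and port differ, which is the quickest way to explain why http://www.bornneet.com/ and https://www.bornneet.com/ are different origins even though the path and host look alike.

```javascript
// Origin = scheme + host (FQDN) + port. The path is not part of it, and a missing
// port means the scheme's default (80 for http, 443 for https).
function originOf(urlString) {
  const u = new URL(urlString);
  const defaults = { 'http:': '80', 'https:': '443' };
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaults[u.protocol] || '' };
}

// Which of the three components differ; an empty array means same origin.
function originDiff(a, b) {
  const x = originOf(a), y = originOf(b);
  return ['scheme', 'host', 'port'].filter((k) => x[k] !== y[k]);
}

function sameOrigin(a, b) {
  return originDiff(a, b).length === 0;
}

// What script running on `pageUrl` may do with `targetUrl`: read its DOM / response
// (same origin only) versus merely load it through <script>, <img>, <frame> or
// <form> with src= or action=, which works across origins but hands the script no
// access to the loaded document.
function scriptAccess(pageUrl, targetUrl) {
  const diff = originDiff(pageUrl, targetUrl);
  return diff.length === 0
    ? { read: true, load: true, blockedOn: [] }
    : { read: false, load: true, blockedOn: diff };
}

// X-Frame-Options decides whether `framedUrl` may be displayed inside a page at
// `topUrl`. It only works as a response header; a <meta http-equiv> copy is ignored.
function framingAllowed(xfoHeader, topUrl, framedUrl) {
  const value = (xfoHeader || '').trim().toUpperCase();
  if (value === 'DENY') return false;
  if (value === 'SAMEORIGIN') return sameOrigin(topUrl, framedUrl);
  // No header: any site, including a clickjacking page, may frame the document.
  // (Browsers disagree on how to treat unrecognised values; do not rely on them.)
  return true;
}
```

Today the same decision is expressed with the Content-Security-Policy frame-ancestors directive, which also lets you list specific allowed parents; X-Frame-Options remains the fallback for older browsers.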
Appendix: TLS/SSL
SSL? TLS? • SSL was designed by Netscape • → standardized by the IETF as TLS
Layers • HTTP sits at layer 5 and above • HTTPS is HTTP over SSL, over TCP, over IP
https://www.verisign.co.jp/repository/faq/SSL/https.html
Hybrid • public-key cryptography is used only to get a shared secret to the other side • a symmetric cipher under that secret encrypts the bulk data, because it is orders of magnitude faster
Certificates and the CA • the server's public key is certified by a CA
Signing (CA side): hash the certificate contents, then sign the hash with the CA's private key; the signature travels with the certificate
Verification (client side): hash the received certificate, decrypt the signature with the CA's public key, and compare the two hashes: equal? If so the certificate really was issued by that CA and has not been modified
EV • Extended Validation certificates: the CA applies stricter checks on the applicant's identity; browsers of the time showed a green address bar for them
Chain • the root CA (CA-1) signs an intermediate CA (CA-2), which signs the server certificate; trust flows from the root in the browser's trust store down the chain
2011/3 • a CA incident (the Comodo reseller compromise): fraudulent certificates were issued for mail.google.com, login.skype.com... • they carried a valid signature from a trusted CA, so the check above passed; they were stopped by revocation and by browsers shipping blacklists
• #wasbook•
第0回ワススタ!! #wasbookを読もう (Wassta #0: let's read #wasbook)
Slides for the 0th session of the #wasbook reading group (#wassta). Published on SlideShare in: Technology.