
VAddy: A Vulnerability Scanning Service You Can Use in the Field

VAddy Meetup Osaka 2017/11/22

Published in: Technology

  1. Copyright (c) Bitforest Co., Ltd. VAddy #vaddy
  2. • VAddy • • VAddy • PrivateNet VAddy
  3. • VAddy • Web • •
  4. • 2002 • ( ), • Web ( ) • Scutum(WAF) 2009 • VAddy 2014
  8. Web Vulnerability Assessment is your Buddy
  10. • as a Service • SQLi, XSS, etc • Web • WebAPI CI
  11. • http://example.com/show?id=1&name=foo • id=1’&name=foo • id=abs(“1”)&name=foo • id=1&name=foo’ • id=1&name=abs(“1”) POST PUT DELETE JSON
  13. VAddy
  14. VAddy
  17. SQL XSS
  18. • STEP1 • STEP2 • STEP3 / WebAPI)
  20. (URL Proxy VAddy Proxy Web
  22. DEMO
  23. PrivateNet VAddy
  24. OK NG
  25. • • • • VM Vagrant Docker • CI as a Service
  26. ssh pfd.vaddy.net:22 (outbound) Web Port 443
  27. SSH Local: 443 Remote: 3210 Scan Web Port 443 Scan
  28. SSH Local: 192.168.1.18: 8888 Remote: 3210 Scan Scan
  29. • PrivateNet • WebAPI • • • / WebAPI)
  30. DEMO
  31. • • Starter $60, Pro $190 19,800 ) • • • 2
  32. • info@vaddy.net • •
  33. @vaddynet
