This presentation is about Amazon Web Services (AWS) security incidents.
I gave this presentation somewhere on February 21, 2015. When I uploaded these slides to SlideShare, some slides were deleted or modified.
13. Can a WAF cover every vulnerability?
OWASP Top 10 2017 versus the scope a WAF actually protects
The risk names and the WAF settings do not line up one-to-one.
Protect Your Applications Against All OWASP Top 10 Risks
https://www.imperva.com/docs/IM_eBook_Ten_OWASP_Threats.pdf
It is clear that the risks are covered to some extent.
14. Some things are deliberately not protected by default
Cross site request forgery (CSRF)
Incapsula does not protect against it by default
Using IncapRules, you can create a policy that filters requests to sensitive pages
and functions based on your HTTP referrer header content. Doing so allows
requests to be executed from a short list of secure domains.
OWASP Top 10 2017
A8 - Cross-Site Request Forgery (CSRF): many frameworks now include CSRF defenses, so it is observed in only about 5% of applications.
https://www.incapsula.com/web-application-security/csrf-cross-site-request-forgery.html
https://www.owasp.org/images/2/23/OWASP_Top_10-2017%28ja%29.pdf
Countermeasures specific to each web application are required,
so no universal rule can be written.
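The contrast on this slide, as an added example that is not part of the deck and not Incapsula's or IncapRules' code: a generic Referer-allowlist rule of the kind a WAF can express is modelled beside an application-specific, session-bound CSRF token check, and both are run over constructed sample requests. The allowed host, session id and request samples are assumptions made up for the demonstration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Assumption: the "short list of secure domains" an IncapRule would allow.
ALLOWED_HOSTS = {"app.example.com"}
# Constructed per-process secret for the application's own CSRF tokens.
_SECRET = secrets.token_bytes(32)


def referer_rule(headers: dict) -> bool:
    """Model of a generic Referer-based WAF rule: pass only when the Referer
    host is on the allow-list. It sees headers, never the app's session."""
    ref = headers.get("Referer")
    if not ref:
        # Referer is often absent (privacy settings, referrer policies), so a
        # header-only rule must either reject or wave all such requests through.
        return False
    return urlparse(ref).hostname in ALLOWED_HOSTS

def issue_csrf_token(session_id: str) -> str:
    """Application-specific defence: a token bound to the user's session."""
    return hmac.new(_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_token_rule(session_id: str, form: dict) -> bool:
    """Verify the submitted token against the session the request rides on."""
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected, form.get("csrf_token", ""))

def evaluate(session_id: str, headers: dict, form: dict) -> dict:
    """Apply both checks to one request and report each verdict."""
    return {"waf_referer": referer_rule(headers),
            "app_token": csrf_token_rule(session_id, form)}


# Constructed sample requests, all arriving with the same logged-in session.
SESSION = "sess-42"
GOOD_TOKEN = issue_csrf_token(SESSION)
SAMPLES = {
    "legit": ({"Referer": "https://app.example.com/settings"}, {"csrf_token": GOOD_TOKEN}),
    "legit_no_referer": ({}, {"csrf_token": GOOD_TOKEN}),       # browser stripped Referer
    "forged": ({"Referer": "https://other.example.net/"}, {}),   # cross-site form post
    "forged_no_referer": ({}, {}),                               # same, but no Referer
}

def run_samples() -> dict:
    """Run every sample through both checks; the two no-Referer cases show
    why the header-only rule cannot replace the app's own token."""
    return {name: evaluate(SESSION, h, f) for name, (h, f) in SAMPLES.items()}
```

The WAF rule cannot tell `legit_no_referer` from `forged_no_referer`, while the session-bound token separates them; that is the slide's point that the countermeasure has to live in the application.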