今夜わかるWebアプリケーション脆弱性診断 (OWASP Day 758 / 2018)Sen Ueno
2018年9月15日(土) 名古屋で開催したOWASP Day 758にて発表した「今夜わかるWebアプリケーション脆弱性診断」の資料です。
脆弱性診断士スキルマッププロジェクトの話やペネトレーションテスト(Penetration testing / Red Team)、SQLインジェクション、脆弱性診断の実施手順などを紹介しています。
今夜わかるWebアプリケーション脆弱性診断 (OWASP Day 758 / 2018)Sen Ueno
2018年9月15日(土) 名古屋で開催したOWASP Day 758にて発表した「今夜わかるWebアプリケーション脆弱性診断」の資料です。
脆弱性診断士スキルマッププロジェクトの話やペネトレーションテスト(Penetration testing / Red Team)、SQLインジェクション、脆弱性診断の実施手順などを紹介しています。
The objective of this talk is to demonstrate how to subvert some SQLi (bad but popular) defenses and to show how to properly defend against SQLi attacks.
We will cover topics such as:
- Blind SQLi attacks
- Timing SQLi attacks
- Encoding attacks
- How to subvert some filters
- How you should protect your code against SQLi attacks
Presented at Confraria Security & IT, 26/01/11 Lisbon
note: this is exactly the same talk as given in Codebits IV (2010), without the Codebits CTF qualifier explanation.
This talk was co-presented by me and Nuno Loureiro (http://www.slideshare.net/nuno.loureiro)
It all starts with the ' (SQL injection from attacker's point of view)Miroslav Stampar
These are the slides from a talk "It all starts with the ' (SQL injection from attacker's point of view)" held at FSec 2011 conference (Croatia / Varazdin 22nd September 2011) by Miroslav Stampar
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
Recently we’ve seen many vulnerabilities related to improper certificate validation. Those vulnerabilities come from developers’ ignorance or misunderstanding of basic knowledge of certificate validation or insufficient testing of validation code. This presentation starts with the basics of the certificate validation process, surveys several vulnerabilities in the real world, and concludes with lessons learned from real-world vulnerabilities.
This is presented on JavaOne2015.
The objective of this talk is to demonstrate how to subvert some SQLi (bad but popular) defenses and to show how to properly defend against SQLi attacks.
We will cover topics such as:
- Blind SQLi attacks
- Timing SQLi attacks
- Encoding attacks
- How to subvert some filters
- How you should protect your code against SQLi attacks
Presented at Confraria Security & IT, 26/01/11 Lisbon
note: this is exactly the same talk as given in Codebits IV (2010), without the Codebits CTF qualifier explanation.
This talk was co-presented by me and Nuno Loureiro (http://www.slideshare.net/nuno.loureiro)
It all starts with the ' (SQL injection from attacker's point of view)Miroslav Stampar
These are the slides from a talk "It all starts with the ' (SQL injection from attacker's point of view)" held at FSec 2011 conference (Croatia / Varazdin 22nd September 2011) by Miroslav Stampar
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
Recently we’ve seen many vulnerabilities related to improper certificate validation. Those vulnerabilities come from developers’ ignorance or misunderstanding of basic knowledge of certificate validation or insufficient testing of validation code. This presentation starts with the basics of the certificate validation process, surveys several vulnerabilities in the real world, and concludes with lessons learned from real-world vulnerabilities.
This is presented on JavaOne2015.