セキュリティテスト as a serviceであるVAddyを運営してきた話。 前半はセキュリティテストに関すること、VAddyの紹介。 後半に運営してきた話として、いろいろな取り組みを紹介。

1. Copyright (c) Bitforest Co., Ltd.
2
@vaddynet
2016/7/3
YAPC::ASIA HACHIOJI
#yapc8ojiC

2. Copyright (c) Bitforest Co., Ltd.
• 市川 @cakephper
• VAddyプロダクトマネージャ、開発者
• PHPカンファレンス福岡、Fukuoka.php
• http://blog.ichikaway.com

3. Copyright (c) Bitforest Co., Ltd.
•
•
• VAddy
• VAddy

4. Copyright (c) Bitforest Co., Ltd.
Web

5. Copyright (c) Bitforest Co., Ltd.

6. Copyright (c) Bitforest Co., Ltd.
• Web
•
•
• VAddy, OWASP ZAP, BurpSuite
• OS
•

7. Copyright (c) Bitforest Co., Ltd.
•http://example.com/show?id=1&name=foo
•id=1’&name=foo
•id=abs(“1”)&name=foo
•id=1&name=foo’
•id=1&name=abs(“1”)

8. Copyright (c) Bitforest Co., Ltd.
•POST http://example.com/edit
•id=1’&name=foo
•{id=‘abs(“1”)’ , name=‘foo’} //JSON

9. Copyright (c) Bitforest Co., Ltd.
•
•
•
•CSRF
VAddy

10. Copyright (c) Bitforest Co., Ltd.

11. Copyright (c) Bitforest Co., Ltd.
•
• http://blog.sei.cmu.edu/post.cfm/security-continuous-integration-338

12. Copyright (c) Bitforest Co., Ltd.

13. Copyright (c) Bitforest Co., Ltd.
•
•CI
•
•
•
•Web

14. Copyright (c) Bitforest Co., Ltd.
•
•DevSecOps
•
•
•

15. Copyright (c) Bitforest Co., Ltd.

16. Copyright (c) Bitforest Co., Ltd.
2014
Web

17. Copyright (c) Bitforest Co., Ltd.

18. Copyright (c) Bitforest Co., Ltd.
CI

19. Copyright (c) Bitforest Co., Ltd.
Vulnerability Assessment is your Buddy

20. Copyright (c) Bitforest Co., Ltd.
http://vaddy.net/ja

21. Copyright (c) Bitforest Co., Ltd.
• Web
• (SaaS)
•CI WebAPI
•

22. Copyright (c) Bitforest Co., Ltd.

23. Copyright (c) Bitforest Co., Ltd.
VAddy

24. Copyright (c) Bitforest Co., Ltd.
DEMO

25. Copyright (c) Bitforest Co., Ltd.

26. Copyright (c) Bitforest Co., Ltd.
main.php name2 XSS

27. Copyright (c) Bitforest Co., Ltd.

28. Copyright (c) Bitforest Co., Ltd.
html
XSS

29. Copyright (c) Bitforest Co., Ltd.
2

30. Copyright (c) Bitforest Co., Ltd.
•2014 1
•2014 10
•2015 4
•2015 10
• 3

31. Copyright (c) Bitforest Co., Ltd.
• ($0)
• ($100/ )
• ($300/ )

32. Copyright (c) Bitforest Co., Ltd.
• ($0)
• 1 5 )
•CI
VAddy CI

33. Copyright (c) Bitforest Co., Ltd.
•SQL
•XSS
•
•
•

34. Copyright (c) Bitforest Co., Ltd.
•
• :)
• by @hsmt

35. Copyright (c) Bitforest Co., Ltd.
•
•
•
•
•UTF8, UTC

36. Copyright (c) Bitforest Co., Ltd.
•
• URL Reddit, hackernews
•
•stackshare
•devopsbookmark.com

37. Copyright (c) Bitforest Co., Ltd.

38. Copyright (c) Bitforest Co., Ltd.

39. Copyright (c) Bitforest Co., Ltd.
•VAddy
•VAddy
OK
•
•
•
•
http://blog-ja.vaddy.net/post/114552491146/vaddy-stance

40. Copyright (c) Bitforest Co., Ltd.

41. Copyright (c) Bitforest Co., Ltd.
• :(
•
•
•
http://blog-ja.vaddy.net/post/114552491146/vaddy-stance

42. Copyright (c) Bitforest Co., Ltd.
• Web
•
•
http://blog-ja.vaddy.net/post/114552491146/vaddy-stance

43. Copyright (c) Bitforest Co., Ltd.
•
•99 Designs
•Intercom
•Sendgrid
•VAddy VAddy
•

44. Copyright (c) Bitforest Co., Ltd.
•
•
•

45. Copyright (c) Bitforest Co., Ltd.
•
•
• vs
•

46. Copyright (c) Bitforest Co., Ltd.
@cakephper
•
•
•SaaS
#yapc8ojiC