資安 - 工程師視角
TonyQ
資訊安全
細心與掌握的考驗
本日重點
OWASP 2017 (RC2)
列表
Injection
Session managment/Broken auth
Sensitive data exposure
Broken access control
Security misconfiguration
Cross site scripting
Insecure deserialization
Using component with known volnerabilities
Insufficient logging & monitoring
Injection
注入弱點
(常見是 db 的 sql injection)
Session managment/Broken auth
Sensitive data exposure
Broken access control
Security misconfiguration
Cross site scripting
Insecure deserialization
Using component with known volnerabilities
Insufficient logging & monitoring
Q&A
Resume presentation
資安 - 工程師視角 TonyQ
BESbswy
BESbswy
BESbswy
BESbswy