2024/10/5 YAPC::Hakodate 2024
Webã‚»ã‚ュリティã®ã‚ã‚‹ãã‹ãŸ
2024/10/5 YAPC::Hakodate 2024
注目ã—ãŸã„クライアントサイドã®è„†å¼±æ€§2é¸/ Security.Tokyo #3
Security.Tokyo #3ã®ç™ºè¡¨è³‡æ–™ã§ã™ã€‚ クライアントサイドã®ãƒ‘ストラãƒãƒ¼ã‚µãƒ«ã¨ã€postMessage経由ã®è„†å¼±æ€§ã‚’å–り上ã’ã¾ã—ãŸã€‚
ã‚»ã‚ュリティヘッダè¦å¯Ÿã§ã™ï¼æ—¢ã«åŒ…囲ã•ã‚Œã¦ã„ã‚‹ï¼è¦³å¿µã—ã¦ãƒ˜ãƒƒãƒ€ã‚’挿入ã—ãªã•ã„ï¼ - エムスリーテックブãƒã‚°
ã€ã‚»ã‚ュリティãƒãƒ¼ãƒ ブãƒã‚°ãƒªãƒ¬ãƒ¼2回目】 ã“ã‚“ã«ã¡ã¯ã€‚エンジニアリンググループã®å±±æœ¬ã§ã™ã€‚ ã‚»ã‚ュリティãƒãƒ¼ãƒ ã¯ã€ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãƒªãƒ³ã‚°ã‚°ãƒ«ãƒ¼ãƒ—全体ã®ã‚»ã‚ュリティをå‘上ã•ã›ã‚‹ãŸã‚ã®ãƒãƒ¼ãƒãƒ£ãƒ«ãƒãƒ¼ãƒ ãªã®ã§ã™ãŒã€å„プãƒãƒ€ã‚¯ãƒˆé–‹ç™ºãƒãƒ¼ãƒ ã®ã‚µãƒ¼ãƒ“スをãƒã‚§ãƒƒã‚¯ã—ã¦ã€å”力ã—ãªãŒã‚‰å…¨ä½“ã®ã‚»ã‚ュリティをå‘上ã•ã›ã¦ã„ãã®ãŒãƒŸãƒƒã‚·ãƒ§ãƒ³ã§ã™ã€‚ ãã®ãŠä»•äº‹ã®ä¸€ç’°ã¨ã—ã¦ã€Œã“ã®éƒ¨åˆ†ã€ã‚»ã‚ュリティヘッダãŒè¶³ã‚Šãªã„ã‹ã‚‰å…¥ã‚Œã¦ãã ã•ã„ï¼ã€ã¨ã„ã†ã‚„ã‚Šã¨ã‚Šã‚’日常的ã«è¡Œãªã£ã¦ã„ã¾ã™ã€‚ 今日ã¯ã“ã®ã€Œã‚»ã‚ュリティヘッダã€ã¨ã„ã†ã‚‚ã®ãŒä¸€ä½“何ãªã®ã‹ã€ä»Šã•ã‚‰äººã«èžã‘ãªã„アレコレをå–ã‚Šã¾ã¨ã‚ã¦ã¿ãŸã„ã¨æ€ã„ã¾ã™ã€‚ ã‚»ã‚ュリティヘッダè¦å¯Ÿã®æ—¥å¸¸ã®å›³(ã‚‚ã¡ã‚ん冗談ã§ã™) ã‚»ã‚ュリティヘッダ ãã‚‚ãã‚‚ã‚»ã‚ュリティヘッダã¨ã¯ï¼Ÿ 比較的安全ãªã‚»ã‚ュリティヘッダ X-Content-Type-Options X-XSS-Protection Strict-Tr
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ä¿®ã€MIXI 23æ–°å’æŠ€è¡“ç ”ä¿®ã€‘
23æ–°å’æŠ€è¡“ç ”ä¿®ã§å®Ÿæ–½ã—ãŸã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ä¿®ã®è¬›ç¾©è³‡æ–™ã§ã™ã€‚ 資料ã®åˆ©ç”¨ã«ã¤ã„㦠公開ã—ã¦ã„る資料ã¯å‹‰å¼·ä¼šã‚„ä¼æ¥ã®ç ”ä¿®ãªã©ã§è‡ªç”±ã«ã”åˆ©ç”¨é ‚ã„ã¦å¤§ä¸ˆå¤«ã§ã™ãŒã€ä»¥ä¸‹ã®å½¢ã§ã®åˆ©ç”¨ã ã‘ã”é æ…®ãã ã•ã„。 ・å—講者ã‹ã‚‰å‚åŠ è²»ã‚„æŽˆæ¥æ–™ãªã©ã‚’集ã‚ã‚‹å½¢ã§ã®åˆ©ç”¨ï¼ˆä¼šå ´è²»ã‚„飲食費ãªã©â€¦
CSP Evaluator
CSP Evaluator allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. It assists with the process of reviewing CSP policies, which is usually a manual task, and helps identify subtle CSP bypasses which undermine the value of a policy. CSP Evaluator checks are based on a large-scale study and are aimed to
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - thecybertix/One-Liner-Collections: This Repositories contains list of One Liners with Descriptions and Installation requirements
Notion – The all-in-one workspace for your notes, tasks, wikis, and databases.
GitHub - ReAbout/web-sec: WEB安全手册(çº¢é˜Ÿå®‰å…¨æŠ€èƒ½æ ˆ),æ¼æ´žç†è§£ï¼Œæ¼æ´žåˆ©ç”¨ï¼Œä»£ç 审计和渗é€æµ‹è¯•æ€»ç»“。ã€æŒç»æ›´æ–°ã€‘
GitHub - joe-shenouda/awesome-cyber-skills: A curated list of hacking environments where you can train your cyber skills legally and safely
BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
GitHub - wonda-tea-coffee/security-tips
BSCP攻略ãƒãƒ¼ãƒˆã‚·ãƒ¼ãƒˆ
GitHub - sobinge/shadow2: æ¸—é€ è¶…å…¨é¢çš„渗é€èµ„料💯 包å«ï¼š0day,xss,sql注入,ææƒâ€¦â€¦
GitHub - twseptian/oneliner-bugbounty: oneliner commands for bug bounties
T00ls/Vulns.md at main · 1amUnvalid/T00ls
DevOps-Security/88-xss/README.md at fd39f3b0c2e7ce77813948e189117cdb06c296c1 · Make-School-Courses/DevOps-Security
h_data/get/Links.txt at 895290ddf84b5fca5e831ce9815b540d41ef6c90 · mCstl/h_data
Dom XSS Scanner is History | Geeksta
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
GitHub - Vanshal/Bug-Hunting: The aim of this Reposiotry is to Provide the Resoursces of Learning at one place For Bug Bounty Hunters.
{{#tags}}- {{label}}
{{/tags}}