REST ã‚»ã‚ュリティã«é–¢ã™ã‚‹ãƒãƒ¼ãƒˆã‚·ãƒ¼ãƒˆ - OWASP
REST (REpresentational State Transfer) ã¯ã€ã‚·ã‚¹ãƒ†ãƒ 内ã®ã‚¨ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã‚’ URL パスè¦ç´ ã«ã‚ˆã£ã¦è¡¨ç¾ã™ã‚‹ãŸã‚ã®æ‰‹æ®µã§ã™ã€‚REST ã¯ã€ã‚¢ãƒ¼ã‚テクãƒãƒ£ã‚’指ã™è¨€è‘‰ã§ã¯ãªãã€Web 上ã®ã‚µãƒ¼ãƒ“スを構築ã™ã‚‹éš›ã®ã‚¢ãƒ¼ã‚テクãƒãƒ£ã‚¹ã‚¿ã‚¤ãƒ«ã‚’指ã™è¨€è‘‰ã§ã™ã€‚REST ã«ã‚ˆã‚‹ Web ベースã®ã‚·ã‚¹ãƒ†ãƒ ã¨ã®å¯¾è©±ã§ã¯ã€è¤‡é›‘ãªãƒªã‚¯ã‚¨ã‚¹ãƒˆæœ¬æ–‡ã‚„ POST パラメーターを使ã‚ãšã€ç°¡ç´ 化ã•ã‚ŒãŸ URL を使用ã—ã¦ã‚·ã‚¹ãƒ†ãƒ 上ã®ã‚¨ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã‚’指定ã™ã‚‹ã“ã¨ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ã“ã®ãƒ‰ã‚ュメントã¯ã€REST ベースã®ã‚µãƒ¼ãƒ“スã«å½¹ç«‹ã¤ãƒ™ã‚¹ãƒˆãƒ—ラクティスã®ã‚¬ã‚¤ãƒ‰ã¨ã—ã¦ä½¿ç”¨ã§ãã¾ã™ã€‚ èªè¨¼ã¨ã‚»ãƒƒã‚·ãƒ§ãƒ³ç®¡ç† RESTful Web サービスã§ã¯ã€POST ã«ã‚ˆã£ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒˆãƒ¼ã‚¯ãƒ³ã‚’確立ã™ã‚‹ã‹ã€ã¾ãŸã¯ POST 本文ã®å¼•æ•°ã‚„ Cookie ã¨ã—㦠API ã‚ーを使用ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒ™ãƒ¼ã‚¹ã®èªè¨¼
REST Security - OWASP Cheat Sheet Series
REST Security Cheat Sheet¶ Introduction¶ REST (or REpresentational State Transfer) is an architectural style first described in Roy Fielding's Ph.D. dissertation on Architectural Styles and the Design of Network-based Software Architectures. It evolved as Fielding wrote the HTTP/1.1 and URI specs and has been proven to be well-suited for developing distributed hypermedia applications. While REST i
CVE - CVE
TOTAL CVE Records: 225772 NOTICE: Transition to the all-new CVE website at WWW.CVE.ORG and CVE Record Format JSON are underway. NOTICE: Legacy CVE download formats deprecation is now underway and will end on June 30, 2024. New CVE List download format is available now. The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
パスワードä¸è¦ã®ãƒã‚°ã‚¤ãƒ³æ–¹æ³•ã€ŒWebAuthnã€ãŒã‚¦ã‚§ãƒ–標準ã«ãªã‚‹
World Wide Webã§ä½¿ç”¨ã•ã‚Œã‚‹å„種技術ã®æ¨™æº–化を推進ã™ã‚‹World Wide Web Consortium(W3C)ãŒã€ãƒ‘スワードä¸è¦ã®ãƒã‚°ã‚¤ãƒ³æ–¹æ³•ã€ŒWeb Authentication(WebAuthn)ã€ã‚’æ–°ãŸãªã‚¦ã‚§ãƒ–標準ã®ãƒã‚°ã‚¤ãƒ³æ–¹æ³•ã¨ã™ã‚‹ã“ã¨ã‚’決定ã—ã¾ã—ãŸã€‚ã“ã‚Œã«ã‚ˆã‚Šã€å¤šãã®ã‚¦ã‚§ãƒ–ブラウザやウェブサービスãŒã€ãƒ‘スワードを使ã‚ãªã„èªè¨¼æ–¹æ³•ã«å¯¾å¿œã™ã‚‹ã¨ã¿ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚ W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins - FIDO Alliance https://fidoalliance.org/w3c-and-fido-alliance-finalize-web-standard-for-secure-passwordless-logins/ W3C finalizes
インテルx86マシンã®å¥¥æ·±ãã§ã¯äººçŸ¥ã‚Œãšã€ŒMINIX 3ã€ãŒå‹•ä½œã—ã¦ãŠã‚Šã€è„†å¼±æ€§ã‚’作り出ã—ã¦ã„る。Googleらã¯ãれを排除ã—よã†ã¨ã—ã¦ã„ã‚‹ ï¼ Publickey
インテルx86マシンã®å¥¥æ·±ãã§ã¯äººçŸ¥ã‚Œãšã€ŒMINIX 3ã€ãŒå‹•ä½œã—ã¦ãŠã‚Šã€è„†å¼±æ€§ã‚’作り出ã—ã¦ã„る。Googleらã¯ãれを排除ã—よã†ã¨ã—ã¦ã„ã‚‹ インテルã®x86プãƒã‚»ãƒƒã‚µã‚’用ã„ãŸã‚·ã‚¹ãƒ†ãƒ ã§ã¯ã€ãã®å¥¥æ·±ãã§äººçŸ¥ã‚ŒãšMINIX 3ã‚’å«ã‚€2ã¤ã»ã©ã®ã‚«ãƒ¼ãƒãƒ«ãŒãƒ—ãƒã‚»ãƒƒã‚µä¸Šã§ç¨¼åƒã—ã¦ã„ã‚‹OSã¨ã¯åˆ¥ã«ä½œå‹•ã—ã¦ãŠã‚Šã€ãã‚ŒãŒè„†å¼±æ€§ã‚’作り出ã—ã¦ã„ã‚‹ã¨Googleã®ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã‚‰ãŒè¦å‘Šã—ã€ãれをå–り除ã“ã†ã¨ã„ã†å‹•ãを見ã›ã¦ã„ã¾ã™ã€‚ ãã‚ŒãŒã€10月23æ—¥ã‹ã‚‰26æ—¥ã¾ã§ãƒã‚§ã‚³å…±å’Œå›½ã®ãƒ—ラãƒã§è¡Œã‚ã‚ŒãŸOpen Source Summit Europeã§Googleã®Ronald Minnichæ°ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã€ŒReplace Your Exploit-Ridden Firmware with Linuxã€ï¼ˆè„†å¼±æ€§ã«ã¾ã¿ã‚ŒãŸãƒ•ã‚¡ãƒ¼ãƒ ウェアをLinuxã§ç½®ãæ›ãˆã‚‹ï¼‰ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã§èª¬æ˜Žã•ã‚ŒãŸã“ã¨ã§ã—ãŸã€‚ ã“れをã€æµ·å¤–ã®ãƒ¡ãƒ‡ã‚£ã‚¢
SHA1ã§ãƒãƒƒã‚·ãƒ¥åŒ–ã—ãŸãƒ‘スワードã¯å±é™ºã«ãªã£ãŸ
(Last Updated On: 2018å¹´4月3æ—¥)パスワードを平文ã§ä¿å˜ã™ã‚‹ã®ã¯è«–外ã§ã€MD5ã‚„SHA1ã§ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ã®ã¯å½“ãŸã‚Šå‰ã§ã™ã€‚ã—ã‹ã—ã€SHA1ã‚’2000å€æ—©ãクラックã™ã‚‹æ–¹æ³•ãªã©ãŒç™ºè¦‹ã•ã‚Œã€ŒSHA1ã¯è„†å¼±ã ã€ï¼ˆã¡ãªã¿ã«MD5ã¯ã‚‚ã£ã¨å±é™ºï¼‰ã¨ã•ã‚Œã¦ã‹ã‚‰ã—ã°ã‚‰ã経ã¡ã¾ã™ã€‚アメリカ政府や大手ä¼æ¥ã¯SHA1ã¯ä½¿ã‚ãªã„ã€ã¨ã—ã¦ã„ã¾ã™ã€‚ Slashdot.orgã«ã¾ãŸè¼‰ã£ã¦ã„ã‚‹ã®ã§æ›´ã«é«˜é€ŸåŒ–ã§ããŸã€ã¨ã„ã†ã“ã¨ã‹? å‚考: Rainbowテーブルã«ã‚ˆã‚‹MD5ãƒãƒƒã‚·ãƒ¥ã®ã‚¯ãƒ©ãƒƒã‚¯ï¼ˆè‹±èªžï¼‰ Rainbowテーブルã«ã‚ˆã‚‹SHA1ãƒãƒƒã‚·ãƒ¥ã®ã‚¯ãƒ©ãƒƒã‚¯ï¼ˆè‹±èªžï¼‰ å‰ã®ã‚¨ãƒ³ãƒˆãƒªÂ PostgreSQLã§SHA1 ã§PostgreSQLã§SHA1を使ã†æ–¹æ³•ã®ä¸€ã¤ã‚’紹介ã—ã¦ã„ã¾ã™ãŒå¯èƒ½ã§ã‚ã‚Œã°SHA512ãªã©ã€ã‚ˆã‚Šå¼·ã„ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã‚’利用ã—ãŸã‚Šã€Saltを利用ã™ã‚‹ã€ç‰ã®æ–¹æ³•ã‚’採用ã—ãŸæ–¹ãŒè‰¯ã„ã¨æ€ã„ã¾ã™ã€‚ 備考:
Paros使ã£ã¦ã¿ãŸ - Do You PHP ã¯ã¦ãƒ–ãƒ
プãƒã‚シ型脆弱性スã‚ャナã®1ã¤ã§ã‚ã‚‹Parosを使ã£ã¦ã¿ã¾ã—ãŸã€‚ We wrote a program called "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified. ParosãŒãƒã‚§ãƒƒã‚¯ã™ã‚‹å†…容ã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚¬ã‚¤ãƒ‰ã«ã‚ˆã‚‹ã¨ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚ HTTP PUT allowed - chec
2008-11-02
ã¡ã‚‡ã£ã¨ä½œæˆã—ãŸWebアプリケーションã«è„†å¼±æ€§ãŒã‚ã‚‹ã‹ã‚’ãã¡ã‚“ã¨ãƒã‚§ãƒƒã‚¯ã—ãªã„ã¨ã„ã‘ãªã„羽目ã«ãªã£ãŸã®ã§èª¿ã¹ã¦ã¿ãŸï¼Ž 出æ¥ã‚Œã°ãƒ•ãƒªãƒ¼ã§ï¼Œç„¡ã‘ã‚Œã°æœ‰å„Ÿã§ã‚‚ã„ã„ã®ã§ï¼Žã„や,やã£ã±ã‚Šãƒ•ãƒªãƒ¼ã§ï¼Žï¼Žï¼Ž 調ã¹ã¦å®Ÿéš›ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã‚„使ã£ã¦ã¿ãŸé †ã«è¼‰ã›ã¦ã¿ã¾ã™ï¼Ž Nessus http://www.nessus.org/nessus/ フリーã§ã¯ä¸€ç•ªä½¿ã„ã‚„ã™ã„サーãƒè„†å¼±æ€§è¨ºæ–ツールã‹ãªï¼Žæœ‰åã ã—. ã§ã‚‚サーãƒã®è„†å¼±æ€§è¨ºæ–ã¨ã„ã†ä½ç½®ã¥ã‘ãŒå¼·ã„ MultiInjector released - automatic parallel website Injector / Defacer http://chaptersinwebsecurity.blogspot.com/2008/10/multiinjector-released-automatic.html Pythonã®2.4以上ã§å‹•ä½œ Windowsã§ã‚‚使
ãŠå‰ã“ã®ã‚µãƒ–ãƒãƒƒãƒˆã§ã‚‚åŒã˜äº‹è¨€ãˆã‚“ã®ï¼Ÿ - 知らãªã„ã‘ã©ãã£ã¨ãã†ã€‚
,ã€,, ,ã€,, ,, ,, _,,;' '" '' ã‚›''" ã‚›' ';;,, (rヽ,;''"""''゛゛゛'';, ノr) ,;'ã‚› i _  ã€ï¼¿ iヽ゛';, ,;'" ''| ヽ・〉 〈・ノ |゙゛ `';, ,;'' "|   ▼   |゙゛ `';, ,;''  ヽ_人_ /  ,;'_ ï¼ï½¼ã€ã€€ ヽ⌒⌒ /   リ \ |   "ï½’,, `"'''゙´  ,,ï¾ã‚›ã€€ã€€ | |      リã€ã€€ã€€ã€€ã€€,リ    | |   i   ゛rã€ï¾‰,,ï½’" i   _| |   `ー――----â”´ ⌒´ ) (ヽ  ______ ,, _´) (_⌒ ______ ,, ã‚£ ä¸ã€€ã€€ã€€ã€€ã€€ã€€ã€€ã€€ã€€ã€€ | |           | å‰å›žã®ã‚¨ãƒ³ãƒˆãƒª ã§è»½ã触れã¾ã—ãŸãŒã€ARPスプーフィングを用ã„ã‚‹ã¨ã€ã‚µãƒ–ãƒãƒƒãƒˆå†…ã‹ã‚‰ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã‚²ãƒ¼ãƒˆã‚¦ã‚§ã‚¤ã‚’通ã£ã¦å¤–ã«å‡ºã¦è¡Œãã¯ãšã®ãƒ‘ケットをã€è‡ªåˆ†ã®ãƒ›
RealVNC® - Remote access software for desktop and mobile | RealVNC
Secure to the core Keep your systems safe with full session encryption, granular permission controls, and authentication options that ensure complete control of remote access. Get Started Now A single solution for every device Simplify your setup and consolidate tools with one solution that works across major desktop and mobile operating systems. Get Started Now Customized to your needs Meet the d
自宅サーãƒãƒ¼ã‚’構築ã—よã†
当サイトã¯ã€ã€Œè‡ªå®…ã§ã‚µãƒ¼ãƒãƒ¼ã‚’構築ã™ã‚‹ï¼ˆwindows)ã€ã¨ã„ã†äº‹ã«ç„¦ç‚¹ã‚’ãŠã„ã¦è‡ªå®…サーãƒãƒ¼æ§‹ç¯‰ã®æ‰‹é †ã‚’説明ã—ã¦ã„ãã¾ã™ã€‚サーãƒãƒ¼ã‚’構築ã™ã‚‹ãªã‚‹ã¨ä¸€è¦‹ã€é›£ã—ãã†ã«æ€ãˆã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ãŒã€å®Ÿã¯ãã‚“ãªã«é›£ã—ã„ã“ã¨ã§ã¯ã‚ã‚Šã¾ã›ã‚“。ã¡ã‚‡ã£ã¨æ°—ã«ãªã‚‹ç¶æŒè²»ãªã©ã‚‚電気代を除ã‘ã°ä¸€åˆ‡ã‹ã‹ã‚‰ãšã€ã‚µãƒ¼ãƒãƒ¼ã‚¦ã‚§ã‚¢ã‚‚å…¨ã¦ãƒ•ãƒªãƒ¼ã§åˆ©ç”¨ã§ãã‚‹ã®ã§å€‹äººã§ã‚‚比較的ã€å®¹æ˜“ã«ã‚µãƒ¼ãƒãƒ¼ã‚’構築ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ã‚‚ã¯ã‚„ã€ä»Šã¨ãªã£ã¦ã¯ã‚µãƒ¼ãƒãƒ¼æ§‹ç¯‰ã®æ•·å±…ã¯æ ¼æ®µã«ä½Žããªã£ã¦ããŸã®ã§ã™ã€‚ã¨ã¯è¨€ã£ã¦ã‚‚ã€ã‚µãƒ¼ãƒãƒ¼ã‚’構築をã™ã‚‹ãŸã‚ã«ã¯ã€ã€Œã‚µãƒ¼ãƒãƒ¼ã®ä»•çµ„ã¿ã€ã€ã€Œã‚»ã‚ュリティ対ç–ã€ã€ã€Œãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ï¼ˆTCP/IP)ã€ã«ã¤ã„ã¦ã®æœ€ä½Žé™ã®çŸ¥è˜ãŒä¸å¯æ¬ ã§ã™ã€‚ã¾ãŸã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆçŠ¯ç½ªã«å·»ãè¾¼ã¾ã‚Œãªã„ãŸã‚ã«ã‚‚ã€ã‚»ã‚ュリティ対ç–ã«ã‚‚真剣ã«å–り組ã¾ãªãã¦ã¯ãªã‚Šã¾ã›ã‚“。特ã«ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã®åŸºç¤ŽãŒã—ã£ã‹ã‚Šã§ãã¦ã„ã‚Œã°ã€ãƒˆãƒ©ãƒ–ルシューティングã«ã‚‚æ–然強ããªã‚Šã¾ã™ã€‚当サ
ãƒã‚¤ãƒ‘ーボックスã€ã‚±ãƒ¼ã‚¿ã‚¤ã‚µã‚¤ãƒˆã®ã€Œæš—å·ã®2010å¹´å•é¡Œã€å½±éŸ¿è§£æžã‚µãƒ¼ãƒ“ス
ãƒã‚¤ãƒ‘ーボックスã¯4月23æ—¥ã€ã€Œæš—å·ã®2010å¹´å•é¡Œã€ã®å½±éŸ¿ç¯„囲を解æžã™ã‚‹ã€Œãƒ¢ãƒã‚¤ãƒ«ã‚¢ã‚¯ã‚»ã‚¹è§£æžã‚µãƒ¼ãƒ“スã€ã®æ供を開始ã—ãŸã€‚ æš—å·ã®2010å¹´å•é¡Œã¨ã¯ã€ç±³å›½ç«‹æ¨™æº–æŠ€è¡“ç ”ç©¶æ‰€ï¼ˆNIST)ãŒ2010年末ã«å®Ÿæ–½ã‚’予定ã™ã‚‹æš—å·æŠ€è¡“ã®å®‰å…¨æ€§åŸºæº–ã®å¤‰æ›´ã«ã‚ˆã‚Šæƒ³å®šã•ã‚Œã‚‹ã‚»ã‚ュリティ製å“ã¸ã®å½±éŸ¿ã®ã“ã¨ã€‚ æš—å·åŒ–ã®åŸºæº–ã§ã‚ã‚‹RSAéµãŒ1024bitã‹ã‚‰2048bitã¸ã®å¤‰æ›´ã•ã‚Œã‚‹ã“ã¨ã§ã€NTTドコモã®ç¬¬2世代端末(mova)ã§ã¯SSLæš—å·åŒ–通信ã®å‡¦ç†ã«å•é¡ŒãŒç™ºç”Ÿã—ã€ç´„240万人ã®mova利用者ãŒãƒãƒƒãƒˆã«æŽ¥ç¶šã§ããªããªã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ã¨ã„ã†ã€‚ã¾ãŸã€ã‚½ãƒ•ãƒˆãƒãƒ³ã‚¯ã®3G端末ã®ä¸€éƒ¨ã§ã‚‚ã€SSLæš—å·åŒ–通信ãŒåˆ©ç”¨ä¸å¯ã¨ãªã‚‹è¦‹é€šã—ã 。 今回ã®ãƒ¢ãƒã‚¤ãƒ«ã‚¢ã‚¯ã‚»ã‚¹è§£æžã‚µãƒ¼ãƒ“スã§ã¯ã€è‡ªç¤¾ã‚µã‚¤ãƒˆã«æºå¸¯é›»è©±ã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã„るユーザーã®ä¸ã§ã€æš—å·ã®2010å¹´å•é¡Œã®å½±éŸ¿ã‚’å—ã‘るユーザーãŒã©ã®ç¨‹åº¦å˜åœ¨ã™ã‚‹ã‹ãªã©ã‚’測定ã§ãã‚‹ã¨ã„ã†ã€‚サービス
1
ランã‚ング
ランã‚ング
ランã‚ング
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
AMI-based product requirements for AWS Marketplace - AWS Marketplace
Google Code Archive - Long-term storage for Google Code Project Hosting.
データベースセã‚ュリティガイドライン 第2.0版
The History of the URL: Path, Fragment, Query, and Auth - Eager Blog
{{#tags}}- {{label}}
{{/tags}}