[B! security] rin1024ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

rin1024 id:rin1024

securityã«é–¢ã™ã‚‹rin1024ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (8)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

å¾³ä¸¸æœ¬ã«è¼‰ã£ã¦ã„ãªã„Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
ã‚ªã‚¹ã‚¹ãƒ¡ã®Javaãƒã‚°ç®¡ç†æ‰‹æ³• ï½žã‚³ãƒ³ãƒ†ãƒŠç·¨ï½žï¼ˆOpen Source Conference 2022 Online/Spring ç™ºè¡¨è³‡æ–™ï¼‰
rin1024 2012/04/25
security

php

ajax
ãƒªãƒ³ã‚¯
ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’ã¡ã‚ƒã‚“ã¨çŸ¥ã‚ã†
PHP Now and Then 2012 at PHP Conference 2012, Tokyo Japan (in japanese)
rin1024 2011/09/18
server

security
ãƒªãƒ³ã‚¯
Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å‘ã‘ã®è‡ªå‹•ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¹ã‚ãƒ£ãƒŠã€ŒSkipfishã€ã‚’è©¦ã—ã¦ã¿ã¾ã—ãŸ
ã“ã‚“ã«ã¡ã¯ã€ä¸å·ã§ã™ã€‚ å…ˆæ—¥ã€Googleã‹ã‚‰Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å‘ã‘ã®è‡ªå‹•ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¹ã‚ãƒ£ãƒŠã€ŒSkipfishã€ãŒå…¬é–‹ã•ã‚ŒãŸã®ã§ã€ç¤¾å†…ã§åˆ©ç”¨ã—ã¦ã„ã‚‹CakePHPã®ã‚¢ãƒ—ãƒªã§è©¦ã—ã¦ã¿ã¾ã—ãŸã€‚ Skipfish( http://code.google.com/p/skipfish/ )ã¯ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®è„†å¼±æ€§ã€SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã‚„ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ç‰ã‚’è‡ªå‹•çš„ã«æ¤œå‡ºã—ã¦ãã‚Œã‚‹Apache License 2.0ã®ãƒ©ã‚¤ã‚»ãƒ³ã‚¹ã§å…¬é–‹ã•ã‚Œã¦ã„ã‚‹ã‚ªãƒ¼ãƒ—ãƒ³ã‚½ãƒ¼ã‚¹ã®ãƒ„ãƒ¼ãƒ«ã§ã™ã€‚ å¿…è¦ãªãƒ©ã‚¤ãƒ–ãƒ©ãƒªã¯ä»¥ä¸‹ã¨ã®ã“ã¨ã€‚ *Â GNUÂ CÂ Compiler *Â GNUÂ Make *Â GNUÂ CÂ LibraryÂ (includingÂ developmentÂ headers) *Â zlibÂ (includingÂ developmentÂ headers) *Â OpenSSLÂ (including
rin1024 2011/09/09
security
ãƒªãƒ³ã‚¯
skipfish web application security scanner
Code Archive Skip to content Google About Google Privacy Terms
rin1024 2011/07/13
security
ãƒªãƒ³ã‚¯
â€œå®Œç’§ãªWAFâ€ã«å¦ã¶WAFã®é˜²å¾¡æˆ¦ç•¥ - ockeghem's blog
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£Expert 2010ã«å¤§æ²³å†…æ™ºç§€æ°ãŒã€Œç¾çŠ¶ã®èª²é¡Œã¨â€œå®Œç’§ãªWAFâ€ã€ã¨é¡Œã—ã¦å¯„ç¨¿ã•ã‚Œã¦ã„ã‚‹ã€‚å¤§å¤‰èˆˆå‘³æ·±ã„å†…å®¹ã§ã‚ã‚‹ã®ã§ã€ã“ã®å¯„ç¨¿ã‚’ãªãžã‚ŠãªãŒã‚‰ã€WAFã®é˜²å¾¡æˆ¦ç•¥ã«ã¤ã„ã¦æ¤œè¨Žã—ã¦ã¿ãŸã„ã€‚ ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°(XSS)ã«å¯¾ã™ã‚‹é˜²å¾¡ å¤§æ²³å†…æ°ã®å¯„ç¨¿ã®å‰åŠã¯ã€ç¾çŠ¶ã®WAFã®èª²é¡Œã¨ã—ã¦ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«å¯¾ã™ã‚‹æ”»æ’ƒã®å¤šãï¼ˆå¤§åŠï¼‰ãŒWAFã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆè¨å®šã§ã¯é˜²å¾¡ã§ããªã„ã¨æŒ‡æ‘˜ã™ã‚‹ã€‚ä¾‹ãˆã°ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°(XSS)ã«é–¢ã—ã¦ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãªæŒ‡æ‘˜ãŒã‚ã‚‹ã€‚ ä»®ã«scriptã‚’ãƒ–ãƒ©ãƒƒã‚¯ãƒªã‚¹ãƒˆã«æŒ‡å®šã—ãŸã¨ã—ã¾ã—ã‚‡ã†ã€‚ãã‚Œã§ã‚‚ã¾ã ä¸ååˆ†ã§ã™ã€‚<IMG>ã‚¿ã‚°ã§XSSãŒç™ºå‹•ã™ã‚‹ã“ã¨ã‚’ã”å˜ã˜ã§ã—ã‚‡ã†ã‹ï¼Ÿãƒ—ãƒã‚°ãƒ©ãƒ ãªã©ã§ã¯<IMG>ã‚¿ã‚°ã¯ç”»åƒæ·»ä»˜ã«å¿…é ˆã§ã‚ã‚Šã€WAFã§ç¦æ¢ã™ã‚‹ã“ã¨ã¯é›£ã—ã„ã®ãŒå®Ÿæƒ…ã§ã€ãƒ–ãƒ©ãƒƒã‚¯ãƒªã‚¹ãƒˆæ–¹å¼ã®èª²é¡Œã¨ãªã£ã¦ã„ã¾ã™ã€‚ ã€Œç¾çŠ¶ã®èª²é¡Œã¨â€œå®Œç’§ãªWAFâ€ã€ã‚ˆã‚Šå¼•
rin1024 2010/05/10
security
ãƒªãƒ³ã‚¯
XSS (Cross Site Scripting) Cheat Sheet
XSS (Cross Site Scripting) Cheat Sheet Esp: for filter evasion By RSnake Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to
rin1024 2010/05/10
xss

security
ãƒªãƒ³ã‚¯
UTF-8ã®å†—é•·ãªã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã¨ã¯ä½•ã§ã€ãªã‚“ã§ãã‚ŒãŒã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£çš„ã«å±ãªã„ã®ã‹ï¼Ÿã‚’æ–‡å—ã‚³ãƒ¼ãƒ‰çŸ¥è˜ãƒ¬ãƒ´ã‚§ãƒ«3ãã‚‰ã„ã®å‡¡ãƒ—ãƒã‚°ãƒ©ãƒžãŒè€ƒãˆã¦ã¿ã‚‹ - tohokuaikiã®ãƒãƒ©ã‚·ã®è£
ä½•æ•…ã‹ã‚ãŸã‚Šå‰ã«ãªã‚‰ãªã„æ–‡å—ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ãƒãƒªãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³ | yohgaki's blog ã£ã¦ã‚ã‚‹ã‚ˆã†ã«ã€ã„ã¾ã„ã¡æ–‡å—ã‚³ãƒ¼ãƒ‰ã®ä¸æ£ãªåˆ¤å®šã«ã‚ˆã‚‹å±é™ºæ€§ã£ã¦ã®ãŒåˆ†ã‹ã£ã¦ãªã„ã€‚ SJISã®å•é¡Œã¯ã€ï¼ˆ2/3ï¼‰SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã‚’æ ¹çµ¶ï¼ã‚»ã‚ãƒ¥ã‚¢é–‹ç™ºã®æ¥µæ„ - ç¬¬5å›žâ– æ³¨ç›®ã•ã‚Œã‚‹æ–‡å—ã‚³ãƒ¼ãƒ‰ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å•é¡Œï¼šITproã®è¨˜äº‹ãŒã‚ã‹ã‚Šã‚„ã™ã‹ã£ãŸã€‚ ã¨ã„ã†ã‹ã€ã‚„ã£ã±ã‚ŠPHPä½¿ã£ã¦ã‚‹ã¨èª°ã§ã‚‚ä¸€åº¦ã¯ã€Œãªã‚“ã˜ã‚ƒã“ã®ã€Žï¿¥ã€ã¯ï¼Ÿã€ã£ã¦æ€ã†ã‚‚ã‚“ãªã‚“ã§ã€‚ ãªã‚‹ã»ã©ã€ç¢ºã‹ã«â†“ã®å›³ã®ã‚ˆã†ã«ã€Œã‚ã‚‹ãƒã‚¤ãƒˆã€ãŒ2ã¤ã®æ„å‘³ã‚’æŒã¤ã£ã¦ã„ã†æ–‡å—ã‚³ãƒ¼ãƒ‰å½¢æ…‹ã¯ã‚„ã°ã„ã‚“ã ãªã¨ã€‚ EUC-JPã¯ãã‚“ãªã“ã¨ã¯ã—ãªã„ã§ã€1ã¤ã®ãƒã‚¤ãƒˆã«ã¯1ã¤ã®æ„å‘³ã—ã‹å–ã‚‰ã›ãªã„ã€‚ ã ã‘ã©ã€ã“ã‚Œã§ã‚‚æ–‡å—åŒ–ã‘ãŒèµ·ã“ã‚‹ã“ã¨ãŒã‚ã‚‹ã€‚çµŒé¨“çš„ã«ã¯ã€ã€Œãƒžãƒ«ãƒãƒã‚¤ãƒˆã‚’XXæ–‡å—ã§åˆ‡ã‚Šè½ã¨ã—ãŸã„ã€ã¨ã‹ã‚„ã£ãŸå ´åˆã€‚ã¡ã‚ƒã‚“ã¨æ–‡å—ã‚³ãƒ¼ãƒ‰ã‚’åˆ¤å®šã—ã¦ãã‚Œã‚‹PHPã§ã„ãˆã°mb_subst
rin1024 2009/09/13
php

encode

security
ãƒªãƒ³ã‚¯
ç¬¬1å›žã€€UTF-7ã«ã‚ˆã‚‹ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°æ”»æ’ƒï¼»å‰ç·¨ï¼½ | gihyo.jp
ã¿ãªã•ã‚“ã€ã¯ã˜ã‚ã¾ã—ã¦ã€‚ã¯ã›ãŒã‚ã‚ˆã†ã™ã‘ã¨ç”³ã—ã¾ã™ã€‚ æœ€è¿‘ã€æ–‡å—ã‚³ãƒ¼ãƒ‰ã¨é–¢é€£ã—ãŸã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®è©±é¡Œã‚’ç›®ã«ã™ã‚‹ã“ã¨ãŒå¢—ãˆã¦ãã¾ã—ãŸã€‚æ–‡å—ã‚³ãƒ¼ãƒ‰ã‚’åˆ©ç”¨ã—ãŸæ”»æ’ƒã¯æŠ€è¡“çš„ã«æœªé–‹æ‹“ã¨ã„ã†ã“ã¨ã‚‚ã‚ã‚Šã€å‚è€ƒã¨ãªã‚‹æƒ…å ±ãŒãªã‹ãªã‹è¦‹å½“ãŸã‚Šã¾ã›ã‚“ã€‚ã“ã®é€£è¼‰ã§ã¯ã€æ–‡å—ã‚³ãƒ¼ãƒ‰ã‚’åˆ©ç”¨ã—ãŸæ”»æ’ƒã‚„ãã‚Œã«å¯¾ã™ã‚‹å¯¾ç–ã«ã¤ã„ã¦æ£ã—ã„çŸ¥è˜ã‚’è§£èª¬ã—ã¦ã„ãã¾ã™ã€‚ æ–‡å—ã‚³ãƒ¼ãƒ‰ã¨ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãŒé–¢é€£ã™ã‚‹ã‚‚ã£ã¨ã‚‚å¤§ããªç‚¹ã¯ã€ã‚„ã¯ã‚Šæ–‡å—åˆ—ã®æ¯”è¼ƒã§ã—ã‚‡ã†ã€‚ã€Œâ å±é™ºãªæ–‡å—åˆ—ã®æ¤œå‡ºã€ã€Œâ å®‰å…¨ãªæ–‡å—åˆ—ã§ã‚ã‚‹ã“ã¨ã®ç¢ºèªã€ã¨ã„ã£ãŸæ–‡å—åˆ—ã®æ¯”è¼ƒã¯ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’è€ƒãˆã‚‹ã†ãˆã§é¿ã‘ã¦é€šã‚Œãªã„å‡¦ç†ã ã¨æ€ã„ã¾ã™ã€‚ æ–‡å—åˆ—ã®æ¯”è¼ƒã«ãŠã„ã¦ã¯ã€å˜ç´”ã«ãƒã‚¤ãƒˆåˆ—ã‚’æ¯”è¼ƒã™ã‚‹ã ã‘ã§ã¯ä¸ååˆ†ã§ã€æ–‡å—åˆ—ãŒãƒ¡ãƒ¢ãƒªä¸Šã§ã©ã®ã‚ˆã†ãªãƒã‚¤ãƒˆåˆ—ã¨ã—ã¦æ ¼ç´ã•ã‚Œã¦ã„ã‚‹ã®ã‹ï¼ˆã“ã®ãƒ«ãƒ¼ãƒ«ã‚’ç¬¦å·åŒ–æ–¹å¼ã‚ã‚‹ã„ã¯æ–‡å—ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã¨è¨€ã„ã¾ã™ï¼‰ã«æ³¨æ„ã—ãªã‘ã‚Œã°ãªã‚‰ãªã„ã“ã¨ã‚‚ã‚ã‚‹ã§ã—ã‚‡ã†ã€‚æ”»æ’ƒè€…ã¯å·§ã¿ã«æ–‡å—
rin1024 2009/04/05
security

ie
ãƒªãƒ³ã‚¯
1