¥Í¥Ã¥È¥ï¡¼¥¯¥×¥í¥°¥é¥ß¥ó¥°ÆÃÏÀ
|
|
|
- つづる たみや
- 7 years ago
- Views:
Transcription
1 6 : JavaScript 2 : Web Web HTTPS : Web : Web, Internet Week 1 / 23
2 2 / 23
3 Web Web : HTTP: ( ) TCP: IP: ( ) Web 3 / 23
4 Basic (base64 ) ( ) Digest md5 Basic (nonce) hidden <input type="hidden" name="sessionid" value="nnnnn"> POST sessionid=nnnnn Cookie Set-Cookie: sessionid=nnnnn sessionid 4 / 23
5 Web XSS (Cross Site Scripting) CSRF (Cross Site Request Forgery) 5 / 23
6 URL ID Referer URL ID hidden POST Referer Cookie POST Cookie (MD5) MD5 MD5 6 / 23
7 Cookie Cookie + : ID ID ID Set-Cookie: secure cookie https (rails ) 7 / 23
8 XSS (Cross Site Scripting) : Cookie JavaScript API SQL ( ) 8 / 23
9 XSS (JSP): <% String comment=request.getparameter("comment"); %> <div> <%= comment =%> </div> : src=" : <div> <script src=" </div> script HTML DOM 9 / 23
10 CSRF (Cross Site Request Forgery) Session Riding : 10 / 23
11 CSRF A: GET A/?comment=good cookie B: <a href=" bad JavaScript POST onload Cookie 11 / 23
12 CSRF ( POST ) POST hidden ID ( hidden ) (OK ) 12 / 23
13 : JSON JavaScript onerror setter <script src=...> script src JSON JSONP JS setter onerror 13 / 23
14 : <f,g> f(g(x))=x [ ] A 1 g f 2 g 4 ( ) 5 f B 3 g [ ( )] A B 1 f g 2 f 3 g = 4 + ( ) 5 f 6 14 / 23
![g [ ( )] A B 1 f g 2 f 3](/docs-images/52/20130419/images/page_14.jpg "g = 4 + ( ) 5 f 6 14 /")
15 : HTTPS HTTPS = HTTP over TLS (Transport Layer Security) HTTP TLS TCP HTTP identify TCP (Web ) (http GET https ) CA identification 15 / 23
16 TLS ( ) ( ) ID 16 / 23
17 TLS RFC 2246 (v1.0), 4346 (v1.1), 5246 (v1.2) 1 / 2 (= CA ) 3 4 HTTP 17 / 23
18 ( ) ClientHello > < ServerHello < Certificate < ServerHelloDone ClientKeyExchange > ChangeCipherSpec > Finished > < ChangeCipherSpec < Finished Application Data < > Application Data ClientHello: Session ID ServerHello: Session ID Certificate: ClientKeyExchange: ( ) ChangeCipherSpec: Finished: ( ) 18 / 23
19 ClientHello > < ServerHello < ChangeCipherSpec < Finished ChangeCipherSpec > Finished > Application Data < > Application Data Session ID ClientHello ServerHello Session ID Session ID 24 http 19 / 23
20 POODLE(Padding Oracle On Downgraded Legacy Encryption) SSLv3 : 1 P 1...P n C 1...C n 2 Padding +Padding 3 : P i=decrypt(c i) C i 1 : 1 C n Padding +Padding 2 Ci Cn 3 P n =Decrypt(C i ) P n 1 4 P n 1 Padding 1/ Decrypt(C i) = P n Pn 1 [ 1 ]! 7 P i =Decript(C i ) P i 1 [ 1 ]!! 8 P i 1 20 / 23
21 HTTPS 1:TCP 3-way handshake + TLS 3-way handshake 2:https - CSP : Session Resumption (Session Cache) Session Tickets: Stateless OCSP (Online Certificate Status Protocol) Stapling: False Start: ALPN? 21 / 23
22 EV (Extended Validation): https HSTS (HTTP Strict Transport Security): HTTPS Upgrade Insecure Requests: http https Opportunistic Security for HTTP: HTTP Let s Encrypt: 22 / 23
23 : HSTS super cookie sub_domain00.domain/ sub_domain01.domain/ sub_domain02.domain/... sub_domain1f.domain/ 32 HTTP 32bit 1 sub domain i HSTS https 32 http 0 https 1 23 / 23
第2回_416.ppt
3 2 2010 4 IPA Web http://www.ipa.go.jp/security/awareness/vendor/programming Copyright 2010 IPA 1 2-1 2-1-1 (CSRF) 2-1-2 ID 2-1-3 ID 2-1-4 https: 2-1-5 ID 2-1-6 2-1-7 2-2 2-2-1 2-2-2 2-3 2 2-3-1 Web Copyright
pkiday_tls13.key
ClientHello ClientKeyExchange ChangeCipherSpec Finished Application Data ServerHello Certificate ServerHelloDone ChangeCipherSpec Finished Application Data ClientHello Finished Application Data ServerHello
HTTP Web Web RFC2616 HTTP/1.1 Web Apache Tomcat (Servlet ) XML Xindice Tomcat 6-2
HTTP 6-1 HTTP Web Web RFC2616 HTTP/1.1 Web Apache Tomcat (Servlet ) XML Xindice Tomcat 6-2 HTTP ( ) ( ) (GET, POST ) (Host ) Tomcat Servlet Examples / Request Headers ( ) (200, 404 ) (Content-Type ) 6-3
Copyright 2006 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. 3 Copyright 2006 Mitsui Bussan Secure Directions, Inc. All Rights Reserved.
2006 12 14 Copyright 2006 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. 2 Copyright 2006 Mitsui Bussan Secure Directions, Inc. All Rights Reserved. 3 Copyright 2006 Mitsui Bussan Secure Directions,
TLS 1.2 TLS TLS iijlab-seminar pd
TLS 1.3 2018.2.14 @kazu_yamamoto 1 TLS 1.2 TLS https://www.iij.ad.jp/dev/report/iir/031/03_01.html TLS 1.3 http://seminar-materials.iijlab.net/iijlab-seminar/ iijlab-seminar-20170110.pdf HTTPS SEO https://employment.en-japan.com/engineerhub/
Adobe AIR のセキュリティ
ADOBE AIR http://help.adobe.com/ja_jp/legalnotices/index.html iii................................................................. 1.....................................................................
http://banso.cocolog-nifty.com/ 100 100 250 5 1 1 http://www.banso.com/ 2009 5 2 10 http://www.banso.com/ 2009 5 2 http://www.banso.com/ 2009 5 2 http://www.banso.com/ < /> < /> / http://www.banso.com/
n=360 28.6% 34.4% 36.9% n=360 2.5% 17.8% 19.2% n=64 0.8% 0.3% n=69 1.7% 3.6% 0.6% 1.4% 1.9% < > n=218 1.4% 5.6% 3.1% 60.6% 0.6% 6.9% 10.8% 6.4% 10.3% 33.1% 1.4% 3.6% 1.1% 0.0% 3.1% n=360 0% 50%
ict8.key
Cookie Web HTTP HTTP stateless HTTP A A B, C B C cookie (RFC2965/6265) HTTP Javascript URL Web Web Cookie HTTP Cookie Cookie Cookie 1 Cookie Cookie Cookie Cookie Cookie Cookie Cookie Cookie 1) Web Cookie
¥Í¥Ã¥È¥ï¡¼¥¯¥×¥í¥°¥é¥ß¥ó¥°ÆÃÏÀ
2 : TCP/IP : HTTP HTTP/2 1 / 22 httpget.txt: http.rb: ruby http get Java http ( ) HttpURLConnection 2 / 22 wireshark httpget.txt httpget cookie.txt ( ) telnet telnet localhost 80 GET /index.html HTTP/1.1
2.SSL/TLS と暗号プロトコルの安全性 恒久的に噴出する脆弱性との戦い クライアント ClientKeyExchange Verify ServerKeyExchange Request Done Request サーバ X Master Secret CCS MAC 図 -1 図
小特集暗号と社会の素敵な出会い 2.SSL/TLS と暗号プロトコルの安全性 恒久的に噴出する脆弱性との戦い 基応専般 須賀祐治 (( 株 ) インターネットイニシアティブ / 筑波大学 ) SSL Secure Socket Layer /TLS Transport Layer Security SSL/TLS TLS TLS IETF Internet Engineering Task Force
2.1... 1 2.1.1.1... 1 (1). 1 (2)... 1 (3)... 1 2.1.1.2... 1 (1)... 1 (2)... 1 (3)... 1 2.1.1.3... 1 (1)... 1 (2)... 1 (3)... 1 2.1.1.4... 2 2.1.1.5... 2 2.2... 3 2.2.1... 3 2.2.1.1... 3... 3... 3 (1)...
5-5_arai_JPNICSecSemi_XssCsrf_CM_ PDF
XSS + CSRF JPNIC JPCERT/CC 2005 Web 2005 10 6 IS Copyright 2005 SECOM Co., Ltd. All rights reserved. 1 XSS + CSRF Web Web Web (Web, DB, ) Copyright 2005 SECOM Co., Ltd. All rights reserved. 2 SQL XSS Copyright
25 About what prevent spoofing of misusing a session information
25 About what prevent spoofing of misusing a session information 1140349 2014 2 28 Web Web [1]. [2] SAS-2(Simple And Secure password authentication protocol, ver.2)[3] SAS-2 i Abstract About what prevent
untitled
200 7 19 JPCERT [2007 2 4 6 ] IPA JPCERT JPCERT/CC 2007 2 4 6 1 2 1. 2007 2 1 2007 4 1 6 30 IPA 46 95 141 2004 7 8 501 940 1,441 3 2 (1) 3 2004 7 8 1 2007 2 1.98 1 2005/1Q 2005/2Q 2005/3Q 2005/4Q 2006/1Q
Phishing対策のためのMutualアクセス認証 〜 MutualTestFoxの公開について 〜
Mozilla Party 9.0 2008 5 31 MutualTestFox Phishing Mutual Phishing MutualPhishing WebMutual BasicDigest HTML Form 2 3 4 5 4 22 MutualTestFox 3.0!5+draft02.0 (r718) mod_auth_mutual (r718) 5 8 (r736) J(pi)
untitled
280 200 5 7,800 6 8,600 28 1 1 18 7 8 2 ( 31 ) 7 42 2 / / / / / / / / / / 1 3 (1) 4 5 3 1 1 1 A B C D 6 (1) -----) (2) -- ()) (3) ----(). ()() () ( )( )( )( ) ( ) ( )( )( )( ) () (). () ()() 7 () ( ) 1
FileMaker Server Getting Started Guide
FileMaker Server 13 2007-2013 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker Bento FileMaker, Inc. FileMaker WebDirect Bento FileMaker,
Web SOAP Internet Web REST SOAP REST 3 REST SOAP 4
XML Day Web2.0 REST SOAP SOAP REST WADL, WSDL2.0 REST SOAP " " 2006 12 11 XML Web2.0 SOAP REST 2 Web SOAP Internet Web REST SOAP REST 3 REST SOAP 4 REST Representational State Transfer REST Web URL XML
shio_20041004.PDF
JPNIC JPCERT/CC 2004 Web 2004 10 4 Web Web Web WASC Web Application Security Consortium 7 Web Security Threat Classification Web URL 2 ...?? It depends!? It depends!??? 3 ? It depends!...
GulfStar1.5ユーザーマニュアル
GulfStar ID 2004 6 1 1 ID...2 2 ID...2 3...3...3...6...6 4...7 URL...7...8 5...10...10... 11 6...12...12 1/12 ID BASIC GulfStar 1 ID ID 2 ID ID 2/12 3 [ ][ ][ ] ID URL 3/12 2 ID 4/12 URL POST URL(
通信プロトコルの認証技術
PKI IPsec/SSL IETF (http://www.netcocoon.com) 2004.12.9 IPsec ESP,AH,IPComp DOI:SA IKE SA ISAKMP IKE ESP IKE AH DOI Oakley ISAKMP IPComp SKEME IPsec IPv4TCP + IPv6TCP + IPv4 AH TCP + IPv6 AH + TCP IPv4
main.dvi
Central Authentication and Authorization Service Web Application (Hisashi NAITO) Graduate School of Mathematics, Nagoya University naito@math.nagoya-u.ac.jp (Shoji KAJITA) Information Technology Center,
FileMaker Server Getting Started Guide
FileMaker Server 11 2004-2010 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker FileMaker, Inc. FileMaker, Inc. FileMaker FileMaker,
FileMaker Server 16 インストールおよび構成ガイド
FileMaker Server 16 2007-2017 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker FileMaker Go FileMaker, Inc. FileMaker WebDirect FileMaker
従来型 Web Ajax ー Webサー ー Webサー M M に M ージを M M ク イ ント JavaScript を イン M を ー に ータ 力 Submit タンを Submit の ージ る XX X 力 ータ M ータの によ に る M を に の プリに対 キー ー スによ
解説 Web 2.0 Web 2.0 というトレンドの中で,Ajax や Mashup などの技術やユーザ生成コンテンツの増加により, 新しい攻撃手法が日々登場する状況となっている. 特に Web アプリケーション層の脆弱性は深刻で,90% の Web サイトは何らかのアプリケーションレベルの脆弱性を持っているといわれている. 本稿では Web 2.0 の技術的特徴と, それを利用した攻撃手法, 代表的な対策手法と今後の展望について解説する.
2016 IP 1 1 1 1.1............................................. 1 1.2.............................................. 1 1.3............................................. 1 1.4.............................................
/07/ /10/12 I
Certificate Policy Version 1.10 2018 10 12 1.00 2018/07/24 1.10 2018/10/12 I 1.... 1 1.1... 1 1.2... 1 1.3 PKI... 2 1.3.1 CA... 2 1.3.2 RA... 2 1.3.3... 2 1.3.3.1... 2 1.3.3.2... 3 1.3.4... 3 1.3.5...
FileMaker Server Getting Started Guide
FileMaker Server 12 2007 2012 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker Bento FileMaker, Inc. Bento FileMaker, Inc. FileMaker
操作1 <設問作成>
ORCA (Online Research Control system Architecture) ORCA 1 1 2 3 4 5 6 7 URL 2 [ ] 3 4 5 1. 2. 4 6 2. 4. 3. 5. 7 6. 8.10. 9. 12. 13. 14. 8 2. 4. 3. 5. 6. 8. 7. 9. 9 9. 10 8. 12. 9. 10. 11 6. 8. 7. 8. 6
PowerPoint Presentation
アプリケーションのセキュリティ向上のための Edge Service の戦略とベスト プラクティス Prasad Kalyanaraman, VP Edge Services June 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. このセッションの目的 なぜセキュリティが重要か セキュリティの
/02/ /09/ /05/ /02/ CA /11/09 OCSP SubjectAltName /12/02 SECOM Passport for Web SR
for Web SR Certificate Policy Version 2.50 2017 5 23 1.00 2008/02/25 1.10 2008/09/19 1.20 2009/05/13 5 1.30 2012/02/15 5.6 CA 1.40 2012/11/09 OCSP SubjectAltName 2.00 2013/12/02 SECOM Passport for Web
i TCP/IP NIC Intel 3com NIC TCP/IP *1 20 IPv4 IPv6 IPv6 TCP/IP TCP/IP *1 3
i TCP/IP NIC Intel 3com NIC TCP/IP 78 90 500 *1 20 IPv4 IPv6 IPv6 TCP/IP TCP/IP 79 80 *1 3 ii IPv4 IPv4 *2 *3 IPv6 5 IPv6 UDP UDP IP UDP IP TCP/IP IPv6 IPv4 TCP/IP IPv6 TCP/IP TCP/IP TCP/IP TCP/IP IPv6
untitled
IT IT IT IT 1 IT 2 Software as a Service (SaaS 3 ) IT SaaS 4 SaaS SaaS PC SaaS SaaS Web SaaS ID IT SaaS IT 1 2 3 Software as a Service ASP(Application Service Provider) SaaS 4 ASPIC SaaS SaaS SaaS SaaS
FileMaker Server 15 入門ガイド
FileMaker Server 15 2007-2016 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker FileMaker Go FileMaker, Inc. FileMaker WebDirect FileMaker,
FileMaker Server Help
FileMaker Server 13 FileMaker Server 2010-2013 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker Bento FileMaker, Inc. FileMaker WebDirect
2
0. 92a --------------------------------------------------------- ---------------------------------------------------- 1. 1-1. 1-2. 1-3. 2. 2-5. 1 2 a ---------------------------------------------------------
Web Web Web 2
PFU syouda.kimiko@pfu.fujitsu.com Web Web Web Web Web Web Web 2 Web Web Web Web Ajax Web Web Request.Response Ajax Ajax(Asynchronous JavaScript + XML) Google Maps Google Suggest Ajax Up Ajax 4 My Travel
Oracle Application Server 10g Release 3(10.1.3)Oracle HTTP Serverの概要
Oracle Application Server 10g Release 3 10.1.3 Oracle HTTP Server Oracle 2005 12 Oracle Application Server 10g Oracle HTTP Server... 3 OHS:... 3 Oracle HTTP Server... 4 Apache : HTTP v1.1... 4 Apache 2.0...
Cisco WebEx ホワイトペーパー: リアルタイムコラボレーションのパワーを解き放つ: Cisco WebEx ソリューションのセキュリティ概要
: Cisco WebEx : Cisco WebEx Cisco WebEx 107-6227 9-7-1 Tel: 03-6434-6044 Fax: 03-5411-9226 Japaninfo@webex.com www.webex.co.jp WebEx Communications, Inc. 3979 Freedom Circle, Santa Clara, CA 95054 USA
FileMaker 15 WebDirect ガイド
FileMaker 15 WebDirect 2013 2016 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker FileMaker Go FileMaker, Inc. FileMaker WebDirect FileMaker,
Oracle Secure Enterprise Search 10gを使用したセキュアな検索
Oracle Secure Enterprise Search 10g 2006 3 Oracle Secure Enterprise Search 10g... 3... 3... 3... 4 Oracle Internet Directory... 4 Microsoft Active Directory... 5... 5 1... 5 2... 6 3 ACL... 6 4 ACL...
IW2001-B2 1 Internet Week 2001 ( ) Copyright 2001 All Rights Reserved, by Seiji Kumagai IW2001-B2 2 CodeRed Copyright 2001 All Rights
1 Internet Week 2001 ( ) kuma@isid.co.jp 2 CodeRed 1 3 (EXCEED ) se cu ri ty? 4? 2 5 Web IP Web MP3 6 3 7 1.5Mbps8Mbps 500 MP3 CM VoD 8 4 ADSL (Asymmetric Digital Subscriber Line) () CATV FWA (Fixed Wireless
AJAXを使用した高い対話性を誇るポートレットの構築
Oracle Application Server Portal テクニカル ノート AJAX 2006 7 概要 Web Web Web UI Web Web Web Web Ajax Asynchronous JavaScript and XML Ajax Ajax 1 API JSR 168 Web Java JSR 168 JavaScript AJAX: 画面の背後にあるテクノロジ Web
1 1 1............................ 1 2 jquery........................ 2 3................ 3 4................... 3 2 4 1..............................
1 1 1............................ 1 2 jquery........................ 2 3................ 3 4................... 3 2 4 1.............................. 4 2.............................. 6 3...........................
1 1 1.......................... 1 2........................ 2 2 3 1.................. 3 2.......................... 5 3........................... 6 4
1 1 1.......................... 1 2........................ 2 2 3 1.................. 3 2.......................... 5 3........................... 6 4........................ 7 3 Ajax 8 1...........................
07_経営論集2010 小松先生.indd
19 1 2009 105 123 Web Web Web Web World Wide Web WWW OS 1990 WWW Web HTML CSS JavaScript Web 1 WWW 2 Web Web 3 Web 4 HTML5 5 Web Web 3 1970 WWW HTML Web WWW WWW WWW WWW WWW 105 Web WWW 2 Web 1 1 NTT NTT
Macintosh HD:Users:ks91:Documents:lect:nm2002s:nm2002s03.dvi
3 ks91@sfc.wide.ad.jp April 22, 2002 1 2 1. over IP ( : Voice over IP; IP Internet Protocol ) over IP??? : 2002/4/20 23:59 JST : http://www.soi.wide.ad.jp/report/ 3 32 11 (4/22 ) 4 () 3 2 1? 4 ...... A.C.
Oracle Application Server 10gリリース2( )Oracle HTTP Serverの概要
Oracle Application Server 10g 2 10.1.2.0.2 Oracle HTTP Server 2005 10 Oracle Application Server 10g Oracle HTTP Server... 3 OHS:... 4 Web... 4... 4 OHS: Web... 5... 5 Oracle HTTP Server... 5... 7 OHS...
FileMaker Server Help
FileMaker Server 11 FileMaker Server 2010 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker FileMaker, Inc. FileMaker, Inc. FileMaker
Microsoft PowerPoint - 2k_SSL Value for Customers.pptx
F5ネットワークスジャパン 2010 年 10 月 SSL 公 開 鍵 長 の2048ビット 移 行 と BIG-IPによるSSLオフロードの に ド 価 値 について セキュリティガイダンス およびその 影 響 3 暗 号 アルゴリズムにおける2010 年 問 題 2010 年 問 題 現 在 使 われている 暗 号 アルゴリズムが 将 来 的 に 使 用 できなくなることに 伴 って 発 生 する
Teradici Corporation #101-4621 Canada Way, Burnaby, BC V5G 4X8 Canada p +1 604 451 5800 f +1 604 451 5818 www.teradici.com Teradici Corporation Teradi
PCoIP TER0806003 TER0806003 Issue 2 0 Teradici Corporation #101-4621 Canada Way, Burnaby, BC V5G 4X8 Canada p +1 604 451 5800 f +1 604 451 5818 www.teradici.com Teradici Corporation Teradici Teradici Teradici
Windows Oracle -Web - Copyright Oracle Corporation Japan, All rights reserved.
Windows Oracle -Web - Copyright Oracle Corporation Japan, 2004. All rights reserved. Agenda Oracle Windows Windows Oracle 1 / Active Directory/Enterprise User Security 1-1 Windows 1-2 Kerberos 1-3 Enterprise
untitled
Oracle Enterprise Manager 10g Oracle Application Server 2003 11 Oracle Enterprise Manager 10g Oracle Application Server... 3 Application Server... 4 Oracle Application Server... 6... 6... 7 J2EE... 8...
事例に見るSCORMの・・・
SCORM 1.2 2005 8 2004, 2005 i 2004 6 1.0 2004 6 1.02 3.1.1 2005 1 1.1 2.1.4, 2.4.9, 2.5.2, 2.5.3, 3.1.3, 3.4.6, 3.5.2, 3.5.3. 2005 8 1.2 2.1.1 BOM 2.2.2, 2.4.10, 3.1.1 BOM 3.2.2, 3.4.7. ii 1. 1 2. 2 2.1
2 Java 35 Java Java HTML/CSS/JavaScript Java Java JSP MySQL Java 9:00 17:30 12:00 13: 項目 日数 時間 習得目標スキル Java 2 15 Web Java Java J
1 2018 4 Java 35 35 262.5 30 1 1 1,045,300 653,300 656,000 2017 12 389,300 2,700 2 946,900 554,900 290,900 101,100 1 2 Java Java Java Web Eclipse Java List Set Map StringBuilder HTML/CSS/JavaScript JSP/Servlet
別添 2 SQL インジェクション ぜい弱性診断で最低限行うべき項目 1 ( ' ( 検索キー )''-- ( 検索キー ) and 'a'='a ( 検索キー ) and 1=1 は最低限 行うこと ) OS コマンドインジェクション 2 (../../../../../../../bin/sle
別添 1 ぜい弱性診断対象 Web アプリケーション 名称 画面遷移図 1 ヒト完全長 cdna データベース別添 3 みふぁっぷ 2 微生物遺伝子機能データベース ( MiFuP ) 別添 4 3 微生物有害性遺伝子機能データベース (MiFuP Safety) 別添 5 4 MiFuP Wiki 別添 6 5 ACM 別添 7 1 別添 2 SQL インジェクション ぜい弱性診断で最低限行うべき項目
Session Fixation ID ID ID ID WhiteHat Security 1) 12% Session Fixation MBSD 2) Session Fixation Session Fixation ID ID ID ID ID Session Fixation ID ID
Session ID Session Fixation 1 1 1, 2 Session Fixation Session Fixation ID Session Fixation ID ID ID ID Session Fixation Session Fixation Detection of Session Fixation Vulnerabilities with Session ID Monitoring
H1-2-3-4.indd
1 1 1 2 3 9 9 10 10 12 12 14 14 16 16 17 18 19 21 28 1 26 11 22 26 11 23 26 11 24 Web 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 4 4 8 2 2 4 20 4 4 8 4 4 8 2 2 4 4 4 32 4 4 12 4 4 4 4 4 4 4 4 8 2
"CAS を利用した Single Sign On 環境の構築"
CAS 2 SSO Authorization 1,3, 2,3, 2, 2,3 1 2 3 Central Authentication and Authorization Service (CAS 2 ) Web Application Single Sign On Authorization CAS 2 SSO/AuthZ Jan. 30 2007, p. 1/40 Plan of Talk
Cisco® ASA シリーズルーター向けDigiCert® 統合ガイド
Cisco ASA DigiCert 2013 7 8 Cisco ASA VPN DigiCert : 2013 7 8 Copyright 2018 DigiCert, Inc. All rights reserved. DigiCert DigiCert DigiCert, Inc. Symantec Norton Symantec Corporation DigiCert, Inc. DigiCert,
WIDE 1
WIDE 1 2 Web Web Web Web Web Web Web Web Web Web? Web Web Things to cover Web Web Web Web Caching Proxy 3 Things NOT covered / How to execute Perl Scripts as CGI binaries on Windows NT How to avoid access
第3回_416.ppt
3 3 2010 4 IPA Web http://www.ipa.go.jp/security/awareness/vendor/programming Copyright 2010 IPA 1 3-1 3-1-1 SQL #1 3-1-2 SQL #2 3-1-3 3-1-4 3-2 3-2-1 #2 3-2-2 #1 3-2-3 HTTP 3-3 3-3-1 3-3-2 Copyright 2010
1 6 1.1........................................... 6 1.1.1 Wiki.............................. 6 1.1.2............................. 7 1.2..............
Wiki 1 6 1.1........................................... 6 1.1.1 Wiki.............................. 6 1.1.2............................. 7 1.2.......................................... 7 1.2.1................
NexusGuard_final_Japanese_ver_PacSec_Bypassing_DDoS_Mitigation_PacSec_JP_2013.pptx
DDoS PacSec Tokyo 2013 DDoS DDoS Nexusguard R&D 内 DDoS TCP SYN HTTP HTTP Cookie JavaScript CAPTCHA Proof Of Concept Proof Of Concept TCP HTTP r Proof Of Concept 20Gbps 250 30% 600 NTT Successfully Comba?ng
HTTP2 HTTP2 http2fuzz ATS Firefox NodeJS
HTTP/2 Stuart Larsen John Villamil Yahoo! HTTP2 HTTP2 http2fuzz ATS Firefox NodeJS Stuart Larsen https://c0nrad.io John Villamil @day6reak HTTP/1.1 1999 HTML Java Script Web ISP Web SSL HTTP/2 HTTP/2 よこんにちは
目次〜.indd
目次 1 はじめに 3 1. 1 本書の目的 3 1. 2 セキュリティ ホールの一生 5 1. 2. 1 フルディスクロージャという思想 6 1. 3 セキュリティの階層 8 2 HTTP 通信の基礎 21 2. 1 Web アプリケーションとネットワーク 21 2. 2 階層化されている通信プロトコル 22 2. 3 HTTP 26 2. 4 パケットキャプチャによって 実際に確認する 27 2.
WordPress Ktai Style Ktai Entry 18 Mac 18
WORDPRESS 2011 8 27 (8 31 ) WordBeach Nagoya WordBench WordPress Ktai Style Ktai Entry 18 Mac 18 http://www.yuriko.net/ @lilyfanjp PHP WordPress ( ) WordPress function the_content($more_link_text=null,$stripteaser=0,
Microsoft PowerPoint - psj06johns-j.ppt
クロスサイトリクエストフォージェリ (XSRF) Universität Hamburg なぜ配慮しないといけないか PacSec 2006 2006 年 11 月 27 日 ~30 日 Martin Johns Fachbereich Informatik SVS Sicherheit in Verteilten Systemen 自己紹介 Martin Johns informatik.uni-hamburg.de
¥Í¥Ã¥È¥ï¡¼¥¯¥×¥í¥°¥é¥ß¥ó¥°ÆÃÏÀ
1 / 21 = E2E END END ( ) 3 / 21 10000 things all ICS students should do before graduating 0000 : Buy your own domain name. 0001 : Install an Apache web server and configure it in a non-trivial way, e.g.
"CAS を利用した Single Sign On 環境の構築"
CAS 2 Single Sign On 1,3, 2,3, 2, 2,3 1 2 3 May 31, 2007 ITRC p. 1/29 Plan of Talk Brief survey of Single Sign On using CAS Brief survey of Authorization Environment using CAS 2 Summary May 31, 2007 ITRC
DNS と blocking anti-blocking 要素技術 ( みえてしまう要素技術 ) 藤原和典 株式会社日本レジストリサービス (JPRS) Internet Week 2018, DNS Day 2018 年 11 月 29 日 Copyrigh
DNS と blocking anti-blocking 要素技術 ( みえてしまう要素技術 ) 藤原和典 fujiwara@jprs.co.jp 株式会社日本レジストリサービス (JPRS) Internet Week 2018, DNS Day 2018 年 11 月 29 日 Copyright 2018 Japan Registry Services Co., Ltd. 1 自己紹介 氏名
CAS Yale Open Source software Authentication Authorization (nu-cas) Backend Database Authentication Authorization to@math.nagoya-u.ac.jp, Powered by A
Central Authentication System naito@math.nagoya-u.ac.jp to@math.nagoya-u.ac.jp, Powered by Adobe Reader & ipod Photo March 10, 2005 RIMS p. 1/55 CAS Yale Open Source software Authentication Authorization
証明書検証サーバ
(Certificate Validation Server) 2007/11/1 Version 1.09 (Certificate Validation Server) 1 2006/4/27 0.930 2 2007/5/8 0.940 / 3 2007/5/15 0.950 Solaris TOE Linux TOE ST 4 2007/5/23 0.960 ASE ( : ASE001-01)
自己紹介 はせがわようすけ ネットエージェント株式会社 株式会社セキュアスカイ テクノロジー技術顧問 OWASP Kansai Chapter Leader OWASP Japan Chapter Advisory Board member
HTML5 のセキュリティ もうちょい詳しく HTML5 セキュリティその 3 : JavaScript API Jun 6 2014 Yosuke HASEGAWA 自己紹介 はせがわようすけ ネットエージェント株式会社 株式会社セキュアスカイ テクノロジー技術顧問 http://utf-8.jp/ OWASP Kansai Chapter Leader OWASP Japan Chapter Advisory
FileMaker WebDirect Guide
FileMaker 13 WebDirect 2014 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker Bento FileMaker, Inc. FileMaker WebDirect Bento FileMaker,
ウイルスバスター ビジネスセキュリティ インストールガイド
TM 2 3 6 Biz 10 Biz 36 46 51 9.0 Windows /PC/Mac 1 readme CD-ROM.htm CD-ROM PDF PDF Web http://tmqa.jp/dl49 TRENDMICRO TREND MICRO Trend Micro Smart Protection Network Smart Protection Network SPN 2 Copyriht
Installation and New Features Guide for FileMaker Pro and FileMaker Pro Advanced
FileMaker FileMaker Pro 11 and FileMaker Pro 11 Advanced 2007-2010 FileMaker, Inc. All rights reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker Bento FileMaker,
Epson Print Admin
Epson Print Admin NPD5369-02 JA Epson Print Admin Epson Print Admin Epson Print Admin Epson Open Platform Epson Open Platform Epson Print Admin Epson Print Admin 2 B K L U OS Windows OSWindows 10Windows
3. RIR 3.1. RIR Regional Internet Registry APNIC Asia Pacific Network Information Centre RIR RIPE NCC Réseaux IP Européens Network Coordination Centre
3 RIR RIR APNIC 1. 2. MyAPNIC RIPE NCC 1. 2. LIR Portal ARIN 3. RIR 3.1. RIR Regional Internet Registry APNIC Asia Pacific Network Information Centre RIR RIPE NCC Réseaux IP Européens Network Coordination
untitled
Web Ver3 2005 7 1. Web...1 2. Web...2 3. Web...3 4....5 5. ActiveX...9 6. Java...11 7. Netscape Plug-in... 15 8. COM... 19 9. Web API... 20 10.... 21 1. Web for WindowsCSV HTML 1 2. Web Web Web / for WindowsHTML
untitled
Peers Working Together to Battle Attacks to the Internet JANOG17 20 Jan 2006 Matsuzaki Yoshinobu Tomoya Yoshida Taka Mizuguchi NSP-SEC/NSE-SEC-JP Agenda
untitled
https http Web HTTP (hypertext Transfer Protocol) SSL HTTPS(hypertext Transfer Protocol Security) (Subject) (subject) Subject IEInternetExplorer ActiveMail! [Esc] [Ctrl] [z] From: To: Subject: Cc: Bcc:
Mac OS X Server QuickTime Streaming Server 5.0 の管理(バージョン 10.3 以降用)
Mac OS X Server QuickTime Streaming Server 5.0 Mac OS X Server 10.3 apple Apple Computer, Inc. 2003 Apple Computer, Inc. All rights reserved. QuickTime Streaming Server Apple Apple Computer, Inc. Apple
Lync Server 2010 Lync Server Topology Builder BIG-IP LTM Topology Builder IP Lync 2010 BIG IP BIG-IP VE Virtual Edition BIG-IP SSL/TLS BIG-IP Edge Web
1.1 Microsoft Lync Server 2010 BIG-IP LTM 2 4 5 BIG-IP : Lync 6 BIG-IP : Lync 7 BIG-IP : - 8 BIG-IP : - 9 A: BIG-IP Microsoft Lync Server 2010 Microsoft Lync Server 2010 Office Communications Server BIG-IP
BIG‑IP Access Policy Manager | F5 Datasheet
2 3 5 7 8 Secure Web Gateway 10 12 BIG-IP APM 13 F5 Global Services 13 13 BIG-IP Access Policy Manager (APM) LAN BIG-IP APM IT LAN 1 Web OAM XenApp Exchange Web Web Web Web Web web BIG-IP APM LAN IT /
... 3... 3... 3... 3... 4... 7... 10... 10... 11... 12... 12... 13... 14... 15... 18... 19... 20... 22... 22... 23 2
1 ... 3... 3... 3... 3... 4... 7... 10... 10... 11... 12... 12... 13... 14... 15... 18... 19... 20... 22... 22... 23 2 3 4 5 6 7 8 9 Excel2007 10 Excel2007 11 12 13 - 14 15 16 17 18 19 20 21 22 Excel2007
Windows2000 Edge Components V Edge Components V Java Edge Components
WebSphere Application Server V5.1 Edge Components V5.1 / CBR Method Ver. 1.0 - Windows 2000 - 1.... 3 2. Windows2000 Edge Components V5.1... 4 2.1.... 4 2.2.... 4 3. Edge Components V5.1... 5 3.1.... 5
i HTTP Basi
2006 Web page Access Control based on Broadcast Encryption Scheme 5ADRM034 i 1 1 1.1................................. 1 1.2.................................... 1 2 2 2.1......................................