OWASP Top 10 Serverless

TakahiroTanaka 754 views 21 slides Feb 18, 2019

About This Presentation

OWASP Nagoya Chapter 9
Presentation slides, 2019/2/8


Slide Content

OWASP Top 10 2017
Serverless




OWASP Top 10

(Slide text not recoverable from the extraction; the slide refers to the OWASP Top 10 and the OWASP Serverless Top 10.)

OWASP Top 10 (1)

(Bullet text not recoverable from the extraction, apart from the list of referenced documents below.)
○ OWASP documents
■ OWASP Proactive Controls
■ OWASP ASVS
■ OWASP Testing Guide
■ OWASP Cheat Sheet
■ OWASP Automated Threats
○ Other references
■ CWE
■ NIST

OWASP Top 10 (2)
1. A1:2017 - Injection
2. A2:2017 - Broken Authentication
3. A3:2017 - Sensitive Data Exposure
4. A4:2017 - XML External Entities (XXE)
5. A5:2017 - Broken Access Control
6. A6:2017 - Security Misconfiguration
7. A7:2017 - Cross-Site Scripting (XSS)
8. A8:2017 - Insecure Deserialization
9. A9:2017 - Using Components with Known Vulnerabilities
10. A10:2017 - Insufficient Logging & Monitoring

OWASP Top 10 (3)
● Serverless-specific items (bullet heading not recoverable from the extraction)
○ Denial of Service (DoS)
○ Denial of Wallet (DoW)
○ Insecure Secret Management
○ Insecure Shared Space
○ Business Logic / Flow manipulation

FaaS

(Slide text not recoverable from the extraction; the slide discusses FaaS, citing AWS Lambda and Google Cloud Functions.)

A1:2017 Injection

(Slide text not recoverable from the extraction; legible fragments: FaaS, Function.)

A2:2017 Broken Authentication

(Slide text not recoverable from the extraction; legible fragments: FaaS, Function, DB, API, PullRequest, SES, Lambda.)

A3:2017 Sensitive Data Exposure

(Slide text not recoverable from the extraction; legible fragments: FaaS, Function, /tmp.)
Z

A4:2017 XML External Entities (XXE)

(Slide text not recoverable from the extraction; legible fragments: VPC, Function, DoS, XML.)

A5:2017 Broken Access Control

(Slide text not recoverable from the extraction; legible fragments: FaaS, Function, root/admin.)

A6:2017 Security Misconfiguration

(Slide text not recoverable from the extraction; legible fragments: FaaS, Function, github.)

A7:2017 Cross-Site Scripting (XSS)

(Slide text not recoverable from the extraction; legible fragment: XSS.)

A8:2017 Insecure Deserialization

(Slide text not recoverable from the extraction; legible fragment: Function.)

A9:2017 Using Components with Known Vulnerabilities

(Slide text not recoverable from the extraction.)

A10:2017 Insufficient Logging & Monitoring

(Slide text not recoverable from the extraction; legible fragments: FaaS, Function.)


(Closing slide: text not recoverable from the extraction, apart from a reference to FaaS.)