Orange - how-to pentest
Security
brellavis (Bree) on Twitter
“i will be locking my PC from now on 🥲”
Companies: how do you avoid uncoordinated security vulnerability reports?
Well, as you know, since 2013 we have been organizing Bug Bounties with our friends at YesWeHack. And in 2015, we decided to create www.yeswehack.com, a platform that makes it easy for every compan…
Big Tech is mandating MFA. Hackers have workarounds
Multi-factor authentication offers users far more protection than a password alone. But experts warn it’s no panacea against hackers.
The Joy of Cryptography
A free undergraduate textbook that introduces students to the fundamentals of provable security
What does the Product Security and Telecommunications Infrastructure bill mean for me? | Pen Test Partners
The UK’s Department for Culture, Media and Sport (DCMS) introduced a bill to Parliament yesterday. But what does that mean for IoT manufacturers and consumers? First, this bill has been […]
Securing your digital life, the finale: Debunking worthless “security” practices
We tear down some infosec conventional wisdom—there's a lot of bad advice out there.
Zebra Crossing: An easy-to-use digital safety checklist
An easy-to-use digital safety checklist
A Graduate Course in Applied Cryptography
Safe DOM manipulation with the Sanitizer API
The new Sanitizer API aims to build a robust processor for arbitrary strings to be safely inserted into a page. This article introduces the API, and explains its usage.
OWASP Top 10:2021
You should turn off autofill in your password manager
Penetration Tester | Ethical Hacker | Web Application Security
Mitre D3FEND explained: A knowledge graph for cybersecurity defenders
Mitre's D3FEND matrix explains the terminology of defensive cybersecurity techniques and how they relate to offensive methods.
Cryptography I
Offered by Stanford University. Cryptography is an indispensable tool for protecting information in computer systems. In ... Enroll for free.
GitHub Advisory Database
A database of software vulnerabilities, using data from maintainer-submitted advisories and from other vulnerability databases.
Introduction
XS-Leaks Wiki. Overview: Cross-site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels built into the web platform. They take advantage of the web’s core principle of composability, which allows websites to interact with each other, and abuse legitimate mechanisms to infer information about the user. One way of looking at XS-Leaks is to highlight their similarity with cross-site request forgery (CSRF) techniques, with the main difference being that instead of allowing other websites to perform actions on behalf of a user, XS-Leaks can be used to infer information about a user.
The Story of Trusty - DNSimple
Finally, the true story behind the DNSimple character Trusty.
Sqreen Blog - The Official Sqreen Blog
The Official Sqreen Blog
Linux Hardening Guide | Madaidan's Insecurities
Hacker earns $2 million in bug bounties on HackerOne
Inhibitor181 is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne.
InfoSec - Security Watch by Torii Security
Collaborative security watch via news.torii-security.fr
The password strength table
I recently came across a tweet from the Vosges gendarmerie about password strength containing this table: https://twitter.com/Gendarmerie088/status/1303213404669308928 Although very interesting and giving a good idea of the complexity a password needs, this
How to Build HTML Forms Right: Security
This article covers security aspects to consider when creating forms for the web. We'll be applying security principles for the frontend, backend, DNS and more.
Security of connected devices (IoT)
A connected device (IoT) can have vulnerabilities. Here are 10 best practices to adopt to use your connected devices as securely as possible.
Sqreen's State of App Sec Report: PHP Apps Exploited 3x More Often
In this post, learn about the main findings of Sqreen's State of Application Security report, related to the PHP language.
XML External Entity (XXE), explained - Sqreen Blog
XXE -- XML External Entity -- is one of the OWASP Top Ten vulnerabilities. Learn more about what it is and how you can prevent exploits
CrackStation's Password Cracking Dictionary (Pay what you want!)
Download CrackStation's password cracking wordlist.
Free Rainbow Tables
The largest collection of rainbow tables anywhere - completely free to download
Common Password List ( rockyou.txt )
Built-in Kali Linux wordlist rockyou.txt
Default passwords list - Select manufacturer