Sécurité

The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, in one of the biggest password re-use studies of its kind.

This credit card skimmer hides in plain sight, quite literally, as it resides inside the metadata of image files. We analyze the threat.

A hands-on beginner's guide to what XSS attacks are and how to prevent them.

Random musings from Jason Walton, software developer and sometimes photograper.

Threat modelling is a risk based approach to cyber security requirements analysis.

OWASP has documented the top means of automated attacks against web apps. Let's discuss how to stay ahead of the top OWASP automated threats.

How long it would take a computer to crack your password?

Lock your app down and make it less susceptible to bad actors

Wearing a striped shirt and Matrix-style dark glasses, Onel de Guzman stared at the floor as he made his way through a crowd of photographers into a hastily arranged press conference in Quezon City, a suburb of the Philippines capital Manila.

Security as code is another name for DevSecOps—or, focusing on security when developing your code. Read this to learn its benefits and best practices.

In the 1980’s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-l…

Kontra is an Application Security Training platform built for modern development teams.

Web security is a topic that is often overlooked by frontend developers. When we assess the quality of the website, we often look at metrics like performance, SEO-friendliness, and accessibility, while the website’s capacity to withstand malicious attacks often falls under the radar. And even though the sensitive user data is stored server-side and significant measures must be taken by backend developers to protect the servers, in the end, the responsibility for securing that data is shared between both backend and frontend. While sensitive data may be safely locked in a backend warehouse, the frontend holds the keys to its front door, and stealing them is often the easiest way to gain access.

This article has explained the concept of web security and some of the more common threats against which your website should attempt to protect. Most importantly, you should understand that a web application cannot trust any data from the web browser. All user data should be sanitized before it is displayed, or used in SQL queries and file system calls.

Sécurité/Surveillance/Hacktualité

How GURPS Cyberpunk triggered a Secret Service raid of RPG publisher Steve Jackson Games' offices.

Root Me est une plateforme permettant à chacun de tester et d'améliorer ses connaissances dans le domaine de la sécurité informatique et du hacking à travers la publication de challenges, de solutions, d'articles.

:pushpin: Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security. - sundownd...

Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.

A collection of various awesome lists for hackers, pentesters and security researchers - Hack-with-Github/Awesome-Hacking

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it. - vaib25vicky/aweso...

DoS tool for HTTP requests (inspired by hulk but has more functionalities) - Quitten/doser.py

Company tells employees to seek new employment after suspending all operations right before Christmas.

24 jours de web : Le calendrier de l'avent des gens qui font le web d'après.