Sécurité

We tear down some infosec conventional wisdom—there's a lot of bad advice out there.

An easy-to-use digital safety checklist

The new Sanitizer API aims to build a robust processor for arbitrary strings to be safely inserted into a page. This article introduces the API, and explains its usage.

Penetration Tester | Ethical Hacker | Web Application Security

La matrice D3FEND de Mitre explique la terminologie des techniques défensives de cybersécurité et leur rapport avec les méthodes offensives.

Proposé par Université de Stanford. Cryptography is an indispensable tool for protecting information in computer systems. In ... Inscrivez-vous gratuitement.

A database of software vulnerabilities, using data from maintainer-submitted advisories and from other vulnerability databases.

XS-Leaks Wiki # Overview # Cross-site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels 1 built into the web platform. They take advantage of the web’s core principle of composability, which allows websites to interact with each other, and abuse legitimate mechanisms 2 to infer information about the user. One way of looking at XS-Leaks is to highlight their similarity with cross-site request forgery (CSRF 3) techniques, with the main difference being that instead of allowing other websites to perform actions on behalf of a user, XS-Leaks can be used to infer information about a user.

Finally, the true story behind the DNSimple character Trusty.

The Official Sqreen Blog

Inhibitor181 is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne.

Veille sécurité collaborative via news.torii-security.fr

J’ai récemment vu passer un tweet de la gendarmerie des Vosges sur la solidité des mots de passe contenant ce tableau : https://twitter.com/Gendarmerie088/status/1303213404669308928 Bien que très intéressant et donnant une bonne idée de la complexité qu’il faut donner à un mot de passe, cette

This article covers security aspects to consider when creating forms for the web. We'll be applying security principles for the frontend, backend, DNS and more.

Un objet connecté (IoT) peut présenter des vulnérabilités. Voici 10 bonnes pratiques à adopter pour utiliser au mieux vos objets connectés en sécurité.

In this post, learn about the main findings of Sqreen's State of Application Security report, related to the PHP language.

XXE -- XML External Entity -- is one of the OWASP Top Ten vulnerabilities. Learn more about what it is and how you can prevent exploits

Download CrackStation's password cracking wordlist.

The largest collection of rainbow tables anywhere - completely free to download

Built-in Kali Linux wordlist rockyou.txt

Securing containers is a complex task. The problem space is broad, vendors are on fire, there are tons of checklists and best practices and it’s hard to prioritize solutions. So if you had to implement a container security strategy where would you start?

Learn how clickjacking attacks implement visual tricks to capture users' clicks, and how you can prevent them by applying client-side and...

You have no idea if the contents are safe or malicious.

Brian C Tracy Brown University Palo Alto personal website Brian Tracy - copy-paste-shell

The Cisco Annual Internet Report is a global forecast/analysis that assesses digital transformation across various business segments (enterprise, small-to-medium business, public sector, and service provider). The report covers fixed broadband, Wi-Fi, and mobile (3G, 4G, 5G) networking. Quantitative projections are provided on the growth of Internet users, devices and connections as well as network performance and new application requirements.

Sexuality, relationships and online dating are all rather personal things. They're aspects of our lives that many people choose to keep private or at the very least, share only with people of our choosing. Grindr is "The World's Largest Social Networking App for Gay, Bi, Trans, and Queer People" which