Sécurité

OWASP has documented the top means of automated attacks against web apps. Let's discuss how to stay ahead of the top OWASP automated threats.

How long it would take a computer to crack your password?

Lock your app down and make it less susceptible to bad actors

Wearing a striped shirt and Matrix-style dark glasses, Onel de Guzman stared at the floor as he made his way through a crowd of photographers into a hastily arranged press conference in Quezon City, a suburb of the Philippines capital Manila.

Security as code is another name for DevSecOps—or, focusing on security when developing your code. Read this to learn its benefits and best practices.

In the 1980’s, Cliff Stoll discovered a $0.75 accounting error on the computer systems he managed at Lawrence Berkeley Laboratory. This small discovery would eventually lead him on the year-l…

Web security is a topic that is often overlooked by frontend developers. When we assess the quality of the website, we often look at metrics like performance, SEO-friendliness, and accessibility, while the website’s capacity to withstand malicious attacks often falls under the radar. And even though the sensitive user data is stored server-side and significant measures must be taken by backend developers to protect the servers, in the end, the responsibility for securing that data is shared between both backend and frontend. While sensitive data may be safely locked in a backend warehouse, the frontend holds the keys to its front door, and stealing them is often the easiest way to gain access.

This article has explained the concept of web security and some of the more common threats against which your website should attempt to protect. Most importantly, you should understand that a web application cannot trust any data from the web browser. All user data should be sanitized before it is displayed, or used in SQL queries and file system calls.

Kontra is an Application Security Training platform built for modern development teams.

Sécurité/Surveillance/Hacktualité

How GURPS Cyberpunk triggered a Secret Service raid of RPG publisher Steve Jackson Games' offices.

Root Me est une plateforme permettant à chacun de tester et d'améliorer ses connaissances dans le domaine de la sécurité informatique et du hacking à travers la publication de challenges, de solutions, d'articles.

:pushpin: Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security. - sundownd...

Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.

A collection of various awesome lists for hackers, pentesters and security researchers - Hack-with-Github/Awesome-Hacking

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it. - vaib25vicky/aweso...

DoS tool for HTTP requests (inspired by hulk but has more functionalities) - Quitten/doser.py

Company tells employees to seek new employment after suspending all operations right before Christmas.

24 jours de web : Le calendrier de l'avent des gens qui font le web d'après.

This is an open-source version of 'Security Training for Engineers', PagerDuty's internal employee technical security training, open to all PagerDuty employees as part of our continuous security training program.

In a recent study titled Usage and Attribution of Stack Overflow Code Snippets in GitHub Projects, an answer I wrote almost a decade ago was found to be the most copied snippet on Stack Overflow. Ironically it happens to be buggy.

Download a free, fully functional evaluation of PassMark OSForensics from this page, or download a sample hash set for use with OSForensics. 32-bit and 64-bit versions of OSForensics are available.

Friendly white-hat hackers who gently access your vulnerable systems and patch them when you are not allowed to.

Firefox Lockwise lets you securely access the passwords you’ve saved in Firefox from anywhere — even outside of the browser. Features 256-bit encryption and Face/Touch ID.

Thirty years ago, Cliff Stoll published The Cuckoo's Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.

Venez jouer et apprendre de nouvelles techniques!