PUBLIC MARKS with tag "securité site web"

Instead of blindly trusting everything that a server delivers, CSP defines the Content-Security-Policy HTTP header that allows you to create a whitelist of sources of trusted content, and instructs the browser to only execute or render resources from those sources. Even if an attacker can find a hole through which to inject script, the script won’t match the whitelist, and therefore won’t be executed.

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0.

copie écran du site Carrefour

cf. copie ecran : http://www.flickr.com/photos/dzc34f/3746043632/sizes/o/

SQL Injection Cheat Sheet

Cross Site Request Forgeries

CSRF