public marks

PUBLIC MARKS with tag security

October 2016

September 2016

July 2016

March 2016

The Basics of Web Application Security

by Spone
Modern web development has many challenges, and of those security is both very important and often under-emphasized. While such techniques as threat analysis are increasingly recognized as essential to any serious development, there are also some basic practices which every developer can and should be doing as a matter of course.

January 2016

Bounty Factory | European Bug Bounty platform

by srcmax (via)
First european bug bounty platform that relies on european economic area rules, principles and legislation.

The high-tech cop of the future is here today

by sbrothier
In November 2015, a video was released to the public showing 17-year-old Laquan McDonald— a black kid who went to school in Chicago’s South Side—being shot 16 times in less than 15 seconds by Jason Van Dyke, a white officer with the Chicago Police Department. Protests erupted around the country, and to this day, protests continue in Chicago. Not only was this an example of an officer brazenly ignoring protocol and killing another human being with wanton disregard for the law, it was also evidence of an apparent cover-up: McDonald was killed in October 2014, and it took at least one lawsuit and 13 months for the city to hand over the video—seemingly an inherently public record—to journalists and lawyers working the case.

December 2015

November 2015

New Chrome security policy: powerful features will be removed on insecure origins

by srcmax & 1 other
Google recently announced a security policy change that will impact future versions of the Chrome browser. Chrome is already warning that support to powerful features on insecure origins (HTTP) is deprecated, and according to recent announcements the removal will take place soon.

The impact of Google’s new Chrome security policy on WebRTC | TokBox Blog

by srcmax
After we published this post Google announced that they are pushing back the release date of the HTTPS security change. They’re estimating that it will now be released to production in December 2015.

Deprecating Powerful Features on Insecure Origins - The Chromium Projects

by srcmax (via)
As with gradually marking HTTP as non-secure, we expect to gradually migrate these features to secure-only, based on thresholds of usage, starting with lowest usage and moving towards higher. We also expect to gradually indicate in the UX that the features are deprecated for non-secure origins.

October 2015

August 2015

July 2015

Developers are exposing their Git directories to the world

by srcmax
Jamie Brown, a developer, wrote on his blog that 1 in every 600 websites has its .git folder exposed to the world.It’s a rookie mistake to make when you deploy a site.

May 2015

April 2015

February 2015

RadicalResearch HSTS Super Cookies

by Krome
Websites could use a security feature of your iPad to track your browsing even if you clear the browser history.

WordPress › Disable XML-RPC Pingback « WordPress Plugins

by srcmax
Stops abuse of your site's XML-RPC by simply removing some methods used by attackers. While you can use the rest of XML-RPC methods.

January 2015

Ceci n'est pas un blog: Le challenge du logo ANSSI

by sbrothier
Voici ma solution du challenge caché dans le logo de l'ANSSI. Cet article a été publié dans le magazine MISC n°73 de mai/juin 2014 et il est désormais disponible sous licence Creative Commons BY-NC-ND. Puisse-t-il vous divertir !

PUBLIC TAGS related to tag security

api +   architecture +   auth +   authentication +   clevermarks +   CommonJS +   faq +   identité +   identity +   imported +   javascript +   js +   oAuth +   openid +   opensource +   twitter +   web +