2010
Web Application Exploits and Defenses
by parmentierf & 2 others (via)
# Learn how hackers find security vulnerabilities!
# Learn how hackers exploit web applications!
# Learn how to stop them!
La sécurité du web passera-t-elle par vous ? : Ergonomie web, Ruby on Rails et Architecture de l'information
by parmentierf
Un bon article de synthèse sur la sécurité des sites web.
2009
Main Page - OWASP
by parmentierf & 9 others
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software.
2008
Installation de CGI Proxy, solution de proxy http
by rmaltete (via)
Ce tutorial vous expliquera comment mettre en oeuvre derrière Apache 2 le script CGI Proxy qui peut vous servir aussi bien à surfer anonyme (désactivation de scripts pendant la navigation), à accéder aux serveurs web de machine situées dans un réseau local, à contrer la censure …
ratproxy - Google Code
by parmentierf & 6 others (via)
A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.
Finding SQL Injection with Scrawlr - The HP Security Laboratory
by parmentierf & 1 other (via)
Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.
Avis d’expert : GoolagScan, ange ou démon ? par Fabien Spagnolo – Tribune Solutions
by parmentierf
Utilisé à mauvais escient, l'outil GoolagScan est particulièrement dangeureux... Mais utilisé par les administrateurs de sites Web, il peut devenir leur meilleur allié.
2007
Domains by Proxy
by rmaltete
The law requires that the personal information you provide with every
domain you register be made public in the "WHOIS" database. Your
identity becomes instantly available - and vulnerable - to spammers,
scammers, prying eyes and worse.
But now there's a solution: Domains By Proxy®!
à voir...
Chapter 20: Security
by parmentierf (via)
Le chapitre du Django Book sur la sécurité est sorti aujourd'hui et je pense que tous les développeurs web un peu consciencieux devraient aller le lire, c'est une bonne base.
Welcome to OpenID Enabled! — OpenID Enabled
by parmentierf & 6 others (via)
From the developers of the Python-OpenID library and MyOpenID.com (where you can get an OpenID for free -- you can also choose from a number of other OpenID providers) this is a website by OpenID developers, for OpenID developers.
2006
2005
Top 7 PHP Security Blunders
by rmaltete & 2 others
PHP's availability, ease of use, and support makes it the first choice for many budding developers. Yet the potential for the unwary coder to overlook certain key aspects of security lands countless developers in hot water. Pax explores the key security holes, common issues, and typical oversights in this hands-on primer.
1
(17 marks)
