Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
You are here
:
Home
>
Resources
>
Lectures
> Web 2.0 : more ergonomic... and less secure ?
Go to:
HSC Trainings
Search
:
Services
Skills & Expertise
Consulting
ISO 27001 services
Vulnerabilities monitoring
Audit & Assessment
Penetration tests
Vunerability assessment (TSAR)
Forensics
ARJEL
Training courses
E-learning
Conferences
Agenda
Past events
Tutorials
Resources
Thematic index
Tips
Lectures
Courses
Articles
Tools (download)
Vulnerability watch
Company
Hervé Schauer
Team
Job opportunities
Credentials
History
Partnerships
Associations
Press and
communication
HSC Newsletter
Press review
Press releases
Publications
Contacts
How to reach us
Specific inquiries
Directions to our office
Hotels near our office
Web 2.0 : more ergonomic... and less secure ?
Access to the content
Beginning of the presentation
PDF version
[343 KB]
Adobe Flash version
Description
Context & Dates
Talk presented during the JSSI - Journée Sécurité des Systèmes d'Informations, on 22 May 2007.
Author
Renaud Feil
Type
[
-
]
Abstract &
Table of content
Flyleaf
Sommaire
Le nouveau modèle de développement du Web 2.0 et son impact sur la sécurité
Les limites ergonomiques du Web 1.0
Le Web 2.0 : un nouveau modèle de développement
L'impact de ce nouveau modèle pour la sécurité
Partie 2 : Retours d'expériences sur les vulnérabilités fréquemment rencontrées dans les applications Web 2.0
Causes des vulnérabilités propres au Web 2.0
Vulnérabilités causées par la volonté d'ergonomie du Web 2.0
Vulnérabilités dues à une mauvaise utilisation des formats et protocoles
Vulnérabilité « classique », mais dont l'exploitation et l'impact augmentent
Partie 3 : Le rôle des outils de développement dans la sécurité du Web 2.0
Présentation de quelques outils de développement
Démonstration des risques liés à l'utilisation d'outils de développement
Partie 4 : Les solutions concrètes pour améliorer la sécurité dans les applications... et leurs limites
Respecter les bonnes pratiques
Formation des concepteurs et développeurs
Mise en place d'un processus de développement sécurisé
Utilisation d'outils d'analyse automatique de code source
Réalisation d'audits de code source avant la mise en production
Mise en place de mécanismes de sécurité externes à l'application
Conclusion
Remerciements
Related documents
Web
Web Servers and applications Security
Webef tool
[Bruteforcer of web server files and directories -
]
Webshells, or how to open your network's doors ?
[21 October 2010 -
]
JBoss AS: exploitation and reassure
[11 June 2010 -
]
Webshells, or how to open your network's doors ?
[16 March 2010 -
]
Webshells, real threat for information systems ?
[1 December 2009 -
]
Security issue seen in enterprises web applications
[27 November 2008 -
]
Application security
[23 October 2008 -
]
Feedback from PHP applications assessment
[21 November 2007 -
]
Evolution of Cross-Site Request Forgery Attacks
[1 June 2007 -
]
Encrypting hostile Web content over HTTP
[31 May 2007 -
]
Configuring and using modsecurity2
[24 April 2007 -
]
Presentation of Apache ModSecurity module
[14 June 2006 -
]
Database and ERP security
[15 June 2005 -
]
SSL VPN connection multiplexing techniques
[7 April 2005 -
]
PHP and security
[27 November 2003 -
]
Web Services and Security
[10 September 2003 -
]
HTTP/HTTPS authentication methods
[10 March 2003 -
]
The cross-site scripting
[27 February 2003 -
]
DBMS and security
[1 April 2002 -
]
Apache and web servers security
[1 February 2002 -
]
Implementing filtering on a reverse HTTP proxy using mod_eaccess
[3 September 2001 -
]
Subweb tool
[HTTP reverse proxy -
]
Babelweb tool
[Automatic information retrieving from of a web server -
]
Universal CGI wrapper
[5 August 2001 -
]
Why HTTPS is not web security
[7 May 2001 -
]
Filtering URLs in a reverse proxy
[5 May 2001 -
]
Hacking web servers
[14 March 2001 -
]
Why a reverse proxy
[13 February 2001 -
]
Apache as a reverse proxy
[11 November 2000 -
]
Secure internet services (email, DNS, web) under Linux
[26 September 2000 -
]
Secure internet services (email, DNS, web) under Linux
[26 April 2000 -
]
Secure Internet services (email, DNS, web) under Linux
[1 February 2000 -
]
Netscape
[16 January 1996 -
]
Secure Programming
Secure Programming
Application security
[23 October 2008 -
]
Feedback from PHP applications assessment
[21 November 2007 -
]
Evolution of Cross-Site Request Forgery Attacks
[1 June 2007 -
]
Security in software developments
[11 May 2007 -
]
PHP and security
[27 November 2003 -
]
How to design secure network applications based on privilege separation
[11 July 2002 -
]
Secure programming and software traps
[18 March 2002 -
]
E-Business
Evolution of Cross-Site Request Forgery Attacks
[1 June 2007 -
]
Web Services and Security
[10 September 2003 -
]
Risks and solutions of an e-business project
[28 September 2001 -
]
Controling the risks associated with e-business
[21 June 2000 -
]
Electronic Commerce on the Internet
[9 May 1996 -
]
Télémarket sur Multicâble
[26 February 1996 -
]
Globe-On-Line
[12 July 1995 -
]
EverGreen
[16 May 1995 -
]
Le réseau ARTUUS
[15 May 1995 -
]
Copyright
© 2007, Hervé Schauer Consultants, all rights reserved.
Last modified on 28 May 2007 at 18:48:09 CET - webmaster@hsc.fr
Information on this server
- © 1989-2010 Hervé Schauer Consultants
-
![[Course]](/gif/icone.formations.png){kind=small}
![[Tool]](/gif/icone.outils.png){kind=small}
]
![[Presentation]](/gif/icone.supports.png){kind=small}
![[Tip]](/gif/icone.breves.png){kind=small}
]
![[Techno-watch]](/gif/icone.veille.png){kind=small}