2017
2014
An Introduction to Content Security Policy - HTML5 Rocks
Instead of blindly trusting everything that a server delivers, CSP defines the Content-Security-Policy HTTP header that allows you to create a whitelist of sources of trusted content, and instructs the browser to only execute or render resources from those sources. Even if an attacker can find a hole through which to inject script, the script won’t match the whitelist, and therefore won’t be executed.
w3af - Open Source Web Application Security Scanner
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0.
2013
2009
exemple-faille-XSS2.png
copie écran du site Carrefour
Cross site scripting - exemple d'URL non sécurisé
cf. copie ecran : http://www.flickr.com/photos/dzc34f/3746043632/sizes/o/
2008
Introduction aux Cross Site Request Forgeries ou Sea Surf - Apprendre-PHP.com
by 2 others (via)Cross Site Request Forgeries
1
(25 marks)
