HSC
Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Hervé Schauer Consultants
Web 2.0: more ergonomic... and less secure?

Access to the content: HTML (beginning of the presentation), PDF version [343 KB], Adobe Flash version

Description

Context & Dates: Talk presented during the JSSI - Journée Sécurité des Systèmes d'Informations, on 22 May 2007.
Author: Renaud Feil
Type: French - HTML

Abstract & Table of contents
Flyleaf
Contents
The new Web 2.0 development model and its impact on security
The ergonomic limits of Web 1.0
Web 2.0: a new development model
The impact of this new model on security
Part 2: Lessons learned on vulnerabilities frequently encountered in Web 2.0 applications
Causes of vulnerabilities specific to Web 2.0
Vulnerabilities caused by Web 2.0's drive for ergonomics
Vulnerabilities due to misuse of formats and protocols
"Classic" vulnerabilities whose exploitation and impact are increasing
Part 3: The role of development tools in Web 2.0 security
Overview of some development tools
Demonstration of the risks related to the use of development tools
Part 4: Concrete solutions to improve application security... and their limits
Following best practices
Training designers and developers
Setting up a secure development process
Using automated source code analysis tools
Performing source code audits before going into production
Deploying security mechanisms external to the application
Conclusion
Acknowledgements
Related documents

Theme: Web
[Course]  Web Servers and applications Security
[Tool]  Webef tool [Bruteforcer of web server files and directories - English]
[Presentation]  Webshells, or how to open your network's doors? [21 October 2010 - French]
[Presentation]  JBoss AS: exploitation and reassure [11 June 2010 - French]
[Presentation]  Webshells, or how to open your network's doors? [16 March 2010 - French]
[Presentation]  Webshells, real threat for information systems? [1 December 2009 - French]
[Presentation]  Security issue seen in enterprises web applications [27 November 2008 - French]
[Presentation]  Application security [23 October 2008 - French]
[Presentation]  Feedback from PHP applications assessment [21 November 2007 - French]
[Presentation]  Evolution of Cross-Site Request Forgery Attacks [1 June 2007 - French]
[Presentation]  Encrypting hostile Web content over HTTP [31 May 2007 - French]
[Tip]  Configuring and using modsecurity2 [24 April 2007 - French]
[Tip]  Presentation of Apache ModSecurity module [14 June 2006 - French]
[Presentation]  Database and ERP security [15 June 2005 - French]
[Presentation]  SSL VPN connection multiplexing techniques [7 April 2005 - English]
[Presentation]  PHP and security [27 November 2003 - French]
[Presentation]  Web Services and Security [10 September 2003 - French]
[Tip]  HTTP/HTTPS authentication methods [10 March 2003 - French]
[Presentation]  The cross-site scripting [27 February 2003 - French]
[Presentation]  DBMS and security [1 April 2002 - French]
[Presentation]  Apache and web servers security [1 February 2002 - French]
[Tip]  Implementing filtering on a reverse HTTP proxy using mod_eaccess [3 September 2001 - French]
[Tool]  Subweb tool [HTTP reverse proxy - English]
[Tool]  Babelweb tool [Automatic information retrieval from a web server - English]
[Tip]  Universal CGI wrapper [5 August 2001 - French]
[Tip]  Why HTTPS is not web security [7 May 2001 - English]
[Tip]  Filtering URLs in a reverse proxy [5 May 2001 - French]
[Presentation]  Hacking web servers [14 March 2001 - French]
[Tip]  Why a reverse proxy [13 February 2001 - French]
[Tip]  Apache as a reverse proxy [11 November 2000 - French]
[Presentation]  Secure internet services (email, DNS, web) under Linux [26 September 2000 - English]
[Presentation]  Secure internet services (email, DNS, web) under Linux [26 April 2000 - French/English]
[Presentation]  Secure Internet services (email, DNS, web) under Linux [1 February 2000 - French]
[Techno-watch]  Netscape [16 January 1996 - French]
Theme: Secure Programming
[Course]  Secure Programming
[Presentation]  Application security [23 October 2008 - French]
[Presentation]  Feedback from PHP applications assessment [21 November 2007 - French]
[Presentation]  Evolution of Cross-Site Request Forgery Attacks [1 June 2007 - French]
[Presentation]  Security in software developments [11 May 2007 - French]
[Presentation]  PHP and security [27 November 2003 - French]
[Presentation]  How to design secure network applications based on privilege separation [11 July 2002 - French/English]
[Presentation]  Secure programming and software traps [18 March 2002 - French]
Theme: E-Business
[Presentation]  Evolution of Cross-Site Request Forgery Attacks [1 June 2007 - French]
[Presentation]  Web Services and Security [10 September 2003 - French]
[Presentation]  Risks and solutions of an e-business project [28 September 2001 - French]
[Presentation]  Controlling the risks associated with e-business [21 June 2000 - French]
[Techno-watch]  Electronic Commerce on the Internet [9 May 1996 - English]
[Techno-watch]  Télémarket sur Multicâble [26 February 1996 - French]
[Techno-watch]  Globe-On-Line [12 July 1995 - French]
[Techno-watch]  EverGreen [16 May 1995 - English]
[Techno-watch]  Le réseau ARTUUS [15 May 1995 - French]
Copyright © 2007, Hervé Schauer Consultants, all rights reserved.

Last modified on 28 May 2007 at 18:48:09 CET - webmaster@hsc.fr
Information on this server - © 1989-2010 Hervé Schauer Consultants