Description: Cross-Site Scripting is a specific consequence of an injection attack. The goal is to make a web browser execute arbitrary scripting code (JavaScript, ActionScript, ActiveX…), usually to steal personal information. Examples: Persistent XSS attack: The attacker’s bank website offers a messaging service to communicate with the clerk. The attacker posts the following message: Happy […]

Description: The attacker sends untrusted data that will be injected into the targeted application to change its behaviour. The goal of this attack is usually to steal data, but it can also be used to delete or corrupt your data or result in denial of service. Example: I’m connected to my bank website and I […]

When starting a new web application, the security risks are sadly often underestimated by everyone (developers, architects, IT, managers…). Web applications are more vulnerable to attacks than standalone applications, as they usually expose a service over a network to a potentially large population of users. Of course, the risk is higher when the population […]

I simply loved this keynote, which opened the Scrum Gathering Paris in style. Put simply, it made me want to apply to Spotify! I particularly appreciated the simplicity and pragmatism of the approach described by Henrik. What I took away from the keynote: “Culture is stuff that people do without noticing […]

Our next IppEvent, a “SpringOne2GX” special, will take place on 17 October 2013. It will be an opportunity to: See my presentation “Performance-tuning the Spring Pet Clinic” live. The presentation will of course be in French this time! We will talk about profilers, memory locks, stateless architecture, garbage collection, caching, JDBC vs JPA, and much more… Have […]