Web applications

Website security field has exploded in the recent years, the complexity of the code and the architecture of these sites are so developed that the term "web application" is more appropriate.
Here I will not repeat what you can learn on the OWASP web site that you SHOULD read if you are interested into web security, but you will find other personal researches and code example that can help you to improve the security of your webapp.

The last articles

XSS : Get string without quote
Published on 2 January 2017
by Georges Michel

Good year 2017 :)

Yesterday I was stuck when I DOM-based XSSed a website which removes quotes, double-quotes, parenthesis and back-tick.

I don’t know if the trick is obvious because I didn’t search, but I found a pretty use of JavaScript RegExp short notation.

I haven’t found yet a (...)

Javascript -Java compatible encryption
Published on 7 April 2011
by Emeric Nasi

License : Copyright Emeric Nasi, some rights reserved

This work is licensed under a Creative Commons Attribution 4.0 International License.

Introduction

I decided a few weeks ago to create my own Java "stealth malware" I called Bromo. This malware’s goal is to test and demonstrate Java (...)