<h1>Application vulnerabilities (Failles applicatives)</h1>
<p>Mickael FRANC (aka Pilebones), published 2013-09-01, last modified 2015-11-13. Canonical URL: <a href="https://www.mickael-franc.fr/blog/failles-applicatives/">https://www.mickael-franc.fr/blog/failles-applicatives/</a>. Originally published at <a href="http://blog.clever-age.com/fr/2013/09/18/securite-owasp-faille-applicative/">http://blog.clever-age.com/fr/2013/09/18/securite-owasp-faille-applicative/</a>. Category: Veille technique. Tags: Conseil, Gestion des risques, OWASP, Sécurité, Sécurité Applicative, Sécurité des systèmes d'information.</p>
<p><a href="//www.mickael-franc.fr/blog/wp-content/uploads/2015/01/logo-owasp-v2-150_150.png"><img class="alignleft wp-image-219 size-full" src="https://www.mickael-franc.fr/blog/wp-content/uploads/2015/01/logo-owasp-v2-150_150.png" alt="Logo OWASP" width="150" height="150" /></a>In a previous article, <a title="La sécurité au travers de l'OWASP" href="http://www.mickael-franc.fr/blog/la-securite-au-travers-de-lowasp/" target="_blank">La sécurité au travers de l'OWASP</a>, I opened a first discussion of application security based on the OWASP guide. This time I would like to go further and detail a number of vulnerabilities. This article serves as a preface and will reference every article on the topic.</p>
<h2>Introduction</h2>
<p>In software development, security is too often set aside, for several reasons, among them:</p>
<ul>
<li>Ignorance;</li>
<li>Lack of budget;</li>
<li>Failing to consider how difficult (or easy) exploitation really is;</li>
<li>Blind trust in the third-party tools the project depends on;</li>
<li>Blind trust in the people and components of the information system.</li>
</ul>
<p>Starting from that premise, I wanted, through a few articles, to demystify well-known and frequently exploited vulnerabilities, so that every developer can build a security culture that lets them develop while being aware of the threats and risks that weigh on their information system.</p>
<p>There are a very large number of vulnerabilities and it is impossible to present them all; each article will only serve as a starting point for thinking about security, and will follow this plan:</p>
<p><strong>1. Qualifying the threat</strong></p>
<p>New vulnerabilities are discovered every day, and we cannot protect ourselves against all of them. Since each project has its own criticality scale, several questions must be answered first:</p>
<ul>
<li>Is the information system critical? Does it host sensitive data? Must the service be available continuously, without interruption?</li>
<li>What do we want to be protected against? We must be realistic about the capabilities of the people involved in a real project and about the ecosystem in place: total protection against every vulnerability does not exist, and it is presumptuous to think our application is untouchable. Moreover, a client will not necessarily have the financial means to protect their information system, just as a developer will not necessarily have the knowledge (or skills) needed to secure the application code.</li>
<li>What do we risk if this vulnerability is discovered and exploited?</li>
<li>What technical impact will exploitation have? Which actors of the information system are affected, and on which points? Will our business plan withstand it?</li>
<li>What will a recovery plan cost? Is that cost acceptable or not?</li>
</ul>
<p>Once the scope is defined, we are in a position to prioritize the implementation of security fixes.</p>
<p><strong>2. Exploitation examples</strong></p>
<p>Understanding how a tool works, and how it can be abused, gives a better grasp of the subject: knowing how to exploit a vulnerability (or knowing its attack vector or vectors) gives us enough perspective to be able to develop a fix. This principle is borne out time and again in information security.</p>
<p><strong>3. Defense methods</strong></p>
<p>As stated above, once the exploitation technique is understood, ways to protect yourself against it will be proposed. Each tool is different and has its own mechanisms, but they often address the same underlying problem. That is why, to reach as many people as possible, I chose for my examples proven technologies that suit most websites and are the most widely used, namely PHP as the server-side language and MySQL as the DBMS.</p>
<p>Orienting a project around security also improves the intrinsic quality of the application. It is an iterative cycle that requires constantly questioning what has been done. This approach corresponds to the quality-management method known as PDCA (Plan-Do-Check-Act), illustrated by the Deming wheel.</p>
<p><a href="//www.mickael-franc.fr/blog/wp-content/uploads/2013/09/roue_de_deming.png"><img class="aligncenter wp-image-188 size-medium" src="https://www.mickael-franc.fr/blog/wp-content/uploads/2013/09/roue_de_deming-300x235.png" alt="Diagram of the Deming wheel" width="300" height="235" /></a></p>
<p>As the Wikipedia article points out (cf. <a href="http://fr.wikipedia.org/wiki/Roue_de_Deming">http://fr.wikipedia.org/wiki/Roue_de_Deming</a>), the method has four steps, each leading to the next, and aims to establish a virtuous circle. Applying it should make it possible to continuously improve the quality of a product, a work, a service, and so on.</p>
<ol>
<li><strong>Plan:</strong> prepare, plan (what is going to be done)</li>
<li><strong>Do:</strong> develop, carry out, implement (most often, starting with a test phase)</li>
<li><strong>Check:</strong> control, verify</li>
<li><strong>Act (or Adjust):</strong> act, adjust, react (if testing was done in the Do step, deployment happens in the Act phase)</li>
</ol>
<p>Throughout these articles I will rely on OWASP (the Open Web Application Security Project, which will be my main source of information), on sources cited in the appendix of each article, and on my personal experience.</p>
<h2>Articles on application security</h2>
<ul>
<li><a title="OWASP / Injections SQL" href="http://www.mickael-franc.fr/blog/owasp-injections-sql/" target="_blank">SQL injection (iSQL)</a></li>
<li><a title="OWASP / Cross-Site Scripting (XSS)" href="http://www.mickael-franc.fr/blog/owasp-cross-site-scripting-xss/" target="_blank">Cross-Site Scripting (XSS)</a></li>
<li><a title="OWASP / Cross-site request forgery (CSRF ou XSRF)" href="http://www.mickael-franc.fr/blog/owasp-cross-site-request-forgery-csrf-ou-xsrf/" target="_blank">Cross-site request forgery (CSRF or XSRF)</a></li>
<li><a title="OWASP / Local-Remote File Inclusion (LFI / RFI)" href="http://www.mickael-franc.fr/blog/owasp-local-remote-file-inclusion-lfi-rfi/" target="_blank">Local/Remote File Inclusion (LFI / RFI)</a></li>
</ul>
<h2>Webography</h2>
<ul>
<li>OWASP: <a href="https://www.owasp.org/">https://www.owasp.org/</a></li>
<li>Wikipedia, "Roue de Deming": <a href="http://fr.wikipedia.org/wiki/Roue_de_Deming">http://fr.wikipedia.org/wiki/Roue_de_Deming</a></li>
</ul>