《Slides Dev Web》 12. Application risks
available – our applications: we are the ones responsible for them OWASP1 • Open Web Application Security Project 1https://owasp.org/ 1 • Foundation for improving the security of web apps • Founded in Method3, CVSS4, CWE5 – Large community of experts – Training, documentation and resources – Audit, testing and training tools Top 106 OWASP 2021 (fr7 - history8) 1. Broken access control hahwul.com/cullinan/history-of-owasp-top-10/ 9https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html 2 – HTML – SQL – Javascript – … SQL injections • Modify the requests sent
0 credits | 12 pages | 474.37 KB | 1 year ago
《Slides Dev Web》 11. HTTPS
HTTP secured by SSL/TLS, by default on port 443 1 Secure Socket Layer –> Transport Layer Security • Designed by Netscape (v2.0 in 1994, v3.0 in 1996) • Patent bought by the IETF: TLS v1.0 in 1999 minimize and speed up the exchanges • Free certificates • Simplified setup Resources • Security Party 23.10.20097 • SebSauvage8 • HTTPS in detail: – HTTPS sequence diagram9 – Diagram com/networking/ssl-tls/https-ssl-tls-session-for-spdy.pdf 11https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work/20847#20847 12https://security.stackexchange.com/questions/55454/how-long-does-an-h
0 credits | 6 pages | 109.17 KB | 1 year ago
Laravel 5.0 Documentation
iii. Contribution Guide i. Bug Reports ii. Core Development Discussion iii. Which Branch? iv. Security Vulnerabilities v. Coding Style 3. Setup i. Installation i. Install Composer ii. Install Laravel Upgrading To 4.1 From 4.0 Contribution Guide Bug Reports Core Development Discussion Which Branch? Security Vulnerabilities Coding Style Prologue Laravel 5.0 Laravel 4.2 Laravel 4.1 Laravel 5.0 introduces category. Move your views from app/views to the new resources/views directory. For better security by default, Laravel 5.0 escapes all output from both the {{ }} and {{{ }}} Blade directives
0 credits | 242 pages | 1.44 MB | 1 year ago
Laravel 3.2 Documentation
2.8 Fix double slash bug in URLs when using languages and no "index.php". Fix possible security issue in Auth "remember me" cookies. Upgrading From 3.2.7 Replace the laravel folder. should be taken when mass-assigning using user-input. Technical oversights could cause serious security vulnerabilities. Converting Models To Arrays When building JSON APIs, you will often need to
0 credits | 139 pages | 1.13 MB | 1 year ago
Learning Laravel
regular double braces syntax {{ }}, are filtered through PHP's htmlspecialchars function, for security (preventing malicious injection of HTML in the view). If you would like to bypass this behavior everything in the public_html folder is accessible "publicly i.e. by anyone" which would be a big security risk. Steps to upload a project to shared hosting account - the Laravel way Step 1 Create a folder
0 credits | 216 pages | 1.58 MB | 1 year ago
The Laravel Handbook
which you don’t want to write yourself, as it’s quite important and needs to be well tested for security issues. 56 I recommend you take a look at the file structure and compare it to the first project
0 credits | 111 pages | 14.25 MB | 1 year ago