Other
Other activities on Application Security topics.
Book
-
Technical editor for the book Alice and Bob Learn Application Security.
Vulnerability study
Technical blog post
-
What is the purpose of the Common Vulnerabilities and Exposures (CVE) systems from a security perspective?.
-
Discovery of Cloud Native applications from an application security perspective.
-
Agile threat modeling and the “the devil is in the details” idiom.
-
Discovery of Self Sovereign Identity (SSI) from a security perspective.
-
Continuous deployment: applying security for web application development.
-
Risks linked to external dependencies.
-
What is Web Cryptography API?.
-
How to evaluate an OAuth/OpenID Connect system from a security point of view?.
-
How to automatically validate the configuration of your API Gateway.
-
How to report a security issue in a standardized manner with Security.txt.
-
Password hashing: Be careful about what you hash!.
-
Android mobile application cloning.
Technical post on Social Network
-
Tips regarding the Content-Security-Policy restriction bypass.
-
Tips regarding the XPS file format.
-
Tips regarding the bypass of the mime type detection by the Apache Tika java library.
-
Tips regarding the assessment of a web API based on SpringBoot.
-
Tips regarding the assessment of a SPA via the map files.
-
Hijack the HTTP/FTP call flow in a .NET app via its configuration file.
-
Tips regarding the assessment of a Java app via the JDK tools.
-
Tips regarding the validation of the signature of a binary file in .NET.
Profile on online training platforms
-
PentesterLab (actively used).
-
PortSwigger Web Security Academy (actively used).
-
Root-Me (not used anymore).
-
HackTheBox (not used anymore).