Other activities on Application Security topics.

Book

• Technical editor for the book Alice and Bob Learn Application Security.

Vulnerability study

• Analysis of the Log4Shell vulnerability.

Technical blog post

• Discovery of Cloud Native applications from an application security perspective.
• Agile threat modeling and the “the devil is in the details” idiom.
• Discovery of Self Sovereign Identity (SSI) from a security perspective.
• Continuous deployment: applying security for web application development.
• Risks linked to external dependencies.
• What is Web Cryptography API?.
• How to evaluate an OAuth/OpenID Connect system from a security point of view?.
• How to automatically validate the configuration of your API Gateway.
• How to report a security issue in a standardized manner with Security.txt.
• Password hashing: Be careful about what you hash!.
• Android mobile application cloning.

Technical post on Social Network

• Tips regarding the Content-Security-Policy restriction bypass.
• Tips regarding the XPS file format.
• Tips regarding the bypass of the mime type detection by the Apache Tika java library.
• Tips regarding the assessment of a web API based on SpringBoot.
• Tips regarding the assessment of a SPA via the map files.
• Hijack the HTTP/FTP call flow in a .NET app via its configuration file.
• Tips regarding the assessment of a Java app via the JDK tools.
• Tips regarding the validation of the signature of a binary file in .NET.

Profile on online training platforms

• PentesterLab (actively used).
• PortSwigger Web Security Academy (actively used).
• Root-Me (not used anymore).
• HackTheBox (not used anymore).