Same-site cookie, a new protection against CSRF

CSRF has long been a well-known topic in the OWASP Top 10. Many protections and mitigations exist and are more or less easy to implement (synchronizer token, custom request header, encrypted token, double submit cookie pattern, ...). A new kid on the block has recently emerged and is increasingly supported by recent browsers: a very simple mitigation based on the SameSite cookie attribute.


BlockChain: are addresses secure?

Every BlockChain user is represented by a trio of large numbers: the address they use on the BlockChain, the public key that lets anyone verify that user's transactions, and the private key that the user keeps secret and that lets them sign their transactions. Impersonating a user on a BlockChain therefore amounts to taking possession of this trio. One is thus entitled to ask how secure the system really is.


On the (in)security of Internet routing

How is routing done in the Internet today?

Today, we live a connected life, and we often take the Internet for granted. But if you think twice about it, the Internet is a kind of little miracle. Indeed, for the Internet to work properly, thousands of networks need to cooperate. Those networks are built and administered by different companies, universities or individuals. Yet their loose cooperation is needed in order for you to be able to see the cat GIF image that someone else has posted on a website.


Why TLS if not confidential?

It has occurred to me more than once that, when I suggested that a URL had better be served over HTTPS, I was told there was no need for that because the URL didn't host any confidential data. The data is not confidential, OK, but it is still critical, as an alteration of the hosted data may result in serious damage to the consumer's data security. And, precisely, TLS does not only grant confidentiality in the data transmission, but also authenticity and integrity. I may not expect you to read it, but if you really want to, here is RFC 5246. As you've guessed already, I won't talk about confidentiality in this note.
