https://discussions.nessus.org/servlet/JiveServlet/download/4615-1194/Nessus_Question.doc
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/Tenable_Web_App_Scanning_0.pdf
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/Using%20Nessus%20in%20Web%20Application%20Vulnerability%20Assessments.pdf
https://www.owasp.org/images/4/4f/Web_Application_Vul_Testing_with_Nessus_2012.02.01.pdf
Playgrounds For Your Web App Assessments
• Virtual Machines
– DVL (Damn Vulnerable Linux) • http://www.damnvulnerablelinux.org/
– Moth • http://www.bonsai-sec.com/en/research/moth.php
- metasploitable http://sourceforge.net/projects/metasploitable/ https://community.rapid7.com/docs/DOC-1875
- OWASP BWA https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
- LAMPsecurity http://sourceforge.net/projects/lampsecurity/ - http://www.madirish.net/
• Stand-alone Applications
– Stanford SecuriBench • http://suif.stanford.edu/~livshits/securibench/
– WebGoat • http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
– Mutillidae • http://www.irongeek.com/i.php?page=security/mutillidae-deliberatelyvulnerable-php-owasp-top-10&mode=print
• Remote Sites
– Acunetix: • http://testphp.acunetix.com/ - Vulnhub: https://www.vulnhub.com/ donkeydocker et plein de VM et autres ressources
• Scanning Multiple Apache VirtualHosts With Nessus – http://blog.tenablesecurity.com/2009/05/scanning-multiple-virtual-hosts-withnessus.html
• Tips For Using Nessus In Web Application Testing – http://blog.tenablesecurity.com/2009/04/tips-for-using-nessus-in-web-applicationtesting.html
• Auditing PHP Settings to OWASP Recommendations with Nessus
– http://blog.tenablesecurity.com/2009/03/auditing-php-settings-to-owasprecommendations-with-nessus.html
• Detecting Base64 Encoded Authentication Requests
– http://blog.tenablesecurity.com/2009/03/detecting-base64-encoded-authenticationrequests.html
http://lab.lonerunners.net/blog/virtual-host-and-dns-names-enumeration-techniques et hostmap réécrit en ruby https://github.com/jekil/hostmap
http://www.info-radiologie.ch/thrombose-veine-porte.php
Gastroentérologie Clinique et Biologique
Vol 30, N° 10 - octobre 2006
pp. 1170-1176
http://www.em-consulte.com/en/article/100391
http://www.vulgaris-medical.com/encyclopedie-medicale/thrombose-de-la-veine-porte
encore un shaarli: tosri
espace ftp, plein de docs dont: http://www.sysmic.org/training/kernel/plain/
crack password protected office files
http://linuxfr.org/users/oumph/journaux/v%C3%A9rifier-ou-retrouver-un-mot-de-passe-sur-un-fichier-xlsdoc-avec-pseudo-s%C3%A9curit%C3%A9-xor
office2john https://github.com/magnumripper/JohnTheRipper
Decrypting Open Office documents http://www.lyquidity.com/devblog/?p=35
[MS-OFFCRYPTO]: Office Document Cryptography Structure http://msdn.microsoft.com/en-us/library/cc313071.aspx
vieil article, assez clair avec exemple: http://chicago.sourceforge.net/devel/docs/excel/encrypt.html
une capture réseau ...
AES
example utilisation pycrypto https://codeghar.wordpress.com/2011/09/01/aes-encryption-with-python/
wrappers openssl: python-m2crypto, ncrypt (https://pypi.python.org/pypi/ncrypt)
implémentations en python: https://github.com/caller9/pythonaes/tree/master/aespython , https://code.google.com/p/slowaes/source/browse/trunk/python/aes.py
fun http://www.formaestudio.com/rijndaelinspector/
pense-bête scapy et python
http://wiki.spiritofhack.net/index.php/Scapy-usage
http://www.tutorialspoint.com/python/python_basic_operators.htm
encore un nid d'illuminés!
autres discussions:
https://linuxfr.org/news/l-auto-hebergement-kesako-ou-en-sommes-nous
https://linuxfr.org/forums/general-general/posts/hebergement-comment-faire
https://linuxfr.org/forums/general-general/posts/h%C3%A9bergement-serveur-d%C3%A9di%C3%A9
http://www.firstheberg.com/home/
https://www.alwaysdata.com/plans/shared/
http://www.ikoula.com/ et http://www.ikeepincloud.com/
=> http://www.digicube.fr/index/comparatif
http://oneprovider.com/dedicated-servers/paris-france
https://www.hetzner.de/en/hosting/produktmatrix_vserver/vserver-produktmatrix#
https://obambu.com/fr/
https://www.web4all.fr/hebergements.html
http://www.o2switch.fr/
http://www.pulseheberg.com/vps-lc.php
dossiers choisir - http://lashon.fr/hebergeurs-bien-choisir-mutualises-3/
l'inévitable http://www.bortzmeyer.org/presence-en-ligne.html
freeDNS http://freedns.afraid.org/
idées pour remplacer google reader ... Leed, Aeres, FreshRSS, KrISS feed
Pourquoi Leed http://sebsauvage.net/links/?_ASIQg
et avant il utilisait RSS Lounge http://sebsauvage.net/rhaa/index.php?2011/09/30/12/59/26-adieu-googlereader-bonjour-rss-lounge
de l'utilisation des flux RSS http://marienfressinaud.fr/?a=detail&id=-ToKJw
http://linuxfr.org/users/coin--2/journaux/google-reader-se-moque (voir commentaire de Bazajet pour un hébergement)
et KrISS feed http://tontof.net/?2013/03/14/18/12/56-presque-nouveau-lecteur-rss-kriss-feed-est-vraiment-tout-terrain
liled : http://sebsauvage.net/links/?A4pqrA
Dive Into Python 3 covers Python 3 and its differences from Python 2. Compared to Dive Into Python, it’s about 20% revised and 80% new material.
Le bouquin original Python 2 est ici: http://www.diveintopython.net/
Welcome to Shaarli ! This is a bookmark. To edit or delete me, you must first login.