Academic literature on the topic 'Sécurité Web'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Sécurité Web.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Journal articles on the topic "Sécurité Web"
André, Pierre. "Les cyberattaques : un enjeu de sécurité primordial." Hérodote N° 192, no. 1 (January 1, 2024): 79–92. http://dx.doi.org/10.3917/her.192.0079.
Full textBoivin2, Rémi, and Rita Lam. "Sondages Web, opinion publique et performance policière1." Criminologie 49, no. 1 (April 18, 2016): 225–45. http://dx.doi.org/10.7202/1036201ar.
Full textMihalea, Cristian, Jildaz Caroff, Simon Escalard, Léon Ikka, Aymeric Rouchaud, Valerio Da ros, Igor Pagiola, et al. "Sécurité et efficacité du dispositif WEB 17, la cinquième génération pour les anévrismes intracérébrales, note technique." Journal of Neuroradiology 46, no. 2 (March 2019): 86–87. http://dx.doi.org/10.1016/j.neurad.2019.01.006.
Full textLortie, Monique. "Santé et sécurité du travail : bref recul et arrêt sur image." Revue organisations & territoires 30, no. 3 (February 11, 2022): 1–21. http://dx.doi.org/10.1522/revueot.v30n3.1375.
Full textSandhu, Jag S., Keith Anderson, Dave Keen, and Annalee Yassi. "Mise en œuvre de la technologie de l'information en vue d'améliorer la santé en milieu de travail: une évaluation par le Web des besoins d'information des gestionnaires de la Fraser Health Authority, en Colombie-Britannique." Healthcare Management Forum 18, no. 4 (December 2005): 11–16. http://dx.doi.org/10.1016/s0840-4704(10)60062-2.
Full textWinton, Sue. "Positioning Ontario’s Character Development Initiative In/Through Its Policy Web of Relationships." Alberta Journal of Educational Research 58, no. 1 (May 30, 2012): 1–16. http://dx.doi.org/10.55016/ojs/ajer.v58i1.55554.
Full textTrefond, Ludovic, Elisabeth Billard, Bruno Pereira, Damien Richard, Emilie Vazeille, Richard Bonnet, Nicolas Barnich, and Marc Andre. "Host-microbiota relationship in the pathophysiology of aseptic abscess syndrome: protocol for a multicentre case-control study (ABSCESSBIOT)." BMJ Open 13, no. 8 (August 2023): e073776. http://dx.doi.org/10.1136/bmjopen-2023-073776.
Full textVeziant, Julie, Karine Poirot, Caroline Chevarin, Lucie Cassagnes, Pierre Sauvanet, Benoit Chassaing, Frederic Robin, et al. "Prognostic value of a combination of innovative factors (gut microbiota, sarcopenia, obesity, metabolic syndrome) to predict surgical/oncologic outcomes following surgery for sporadic colorectal cancer: a prospective cohort study protocol (METABIOTE)." BMJ Open 10, no. 1 (January 2020): e031472. http://dx.doi.org/10.1136/bmjopen-2019-031472.
Full textBonham, Oliver, Bruce Broster, David Cane, Keith Johnson, and Kate MacLachlan. "The Development of Canada's Competency Profile for Professional Geoscientists at Entry-to-Practice." Geoscience Canada 44, no. 2 (July 21, 2017): 77–84. http://dx.doi.org/10.12789/geocanj.2017.44.118.
Full textAmat, Philippe, and Éric Tran Lu Y. "Apport de la rééducation myofonctionnelle orofaciale au traitement du syndrome d’apnées obstructives du sommeil : une revue systématique de la littérature." L'Orthodontie Française 90, no. 3-4 (September 2019): 343–70. http://dx.doi.org/10.1051/orthodfr/2019035.
Full textDissertations / Theses on the topic "Sécurité Web"
Luo, Zhengqin. "Sémantique et sécurité des applications Web." Nice, 2011. http://www.theses.fr/2011NICE4058.
Full textIn this work we study the formal semantics and security problems of Web applications. The thesis is divided into three parts. The first part proposes a small-step operational semantics for a multitier programing language HOP, which can be used to globally reasoning about Web applications. The semantics covers a core of the HOP language, including dynamic generations of client code, and interactions between servers and clients. The second part studies a new technique to automatically prevent code injection attacks, based on multitier compilation. We add a new phase in the compiler to compare the intended and the actual syntax structure of the output. The validity of our technique is proved correct in the operational semantics of HOP. The last part of the thesis studies Mashic, a source-to-source compiler of JavaScript to isolate untrusted script by ifram sandbox and postmessage in HTML5. The compiler is proved correct in a formal semantics of JavaScript
Zahoor, Ehtesham. "Gouvernance de service : aspects sécurité et données." Phd thesis, Université Nancy II, 2011. http://tel.archives-ouvertes.fr/tel-00643552.
Full textSomé, Dolière Francis. "Sécurité et vie privée dans les applications web." Thesis, Université Côte d'Azur (ComUE), 2018. http://www.theses.fr/2018AZUR4085/document.
Full textIn this thesis, we studied security and privacy threats in web applications and browser extensions. There are many attacks targeting the web of which XSS (Cross-Site Scripting) is one of the most notorious. Third party tracking is the ability of an attacker to benefit from its presence in many web applications in order to track the user has she browses the web, and build her browsing profile. Extensions are third party software that users install to extend their browser functionality and improve their browsing experience. Malicious or poorly programmed extensions can be exploited by attackers in web applications, in order to benefit from extensions privileged capabilities and access sensitive user information. Content Security Policy (CSP) is a security mechanism for mitigating the impact of content injection attacks in general and in particular XSS. The Same Origin Policy (SOP) is a security mechanism implemented by browsers to isolate web applications of different origins from one another. In a first work on CSP, we analyzed the interplay of CSP with SOP and demonstrated that the latter allows the former to be bypassed. Then we scrutinized the three CSP versions and found that a CSP is differently interpreted depending on the browser, the version of CSP it implements, and how compliant the implementation is with respect to the specification. To help developers deploy effective policies that encompass all these differences in CSP versions and browsers implementations, we proposed the deployment of dependency-free policies that effectively protect against attacks in all browsers. Finally, previous studies have identified many limitations of CSP. We reviewed the different solutions proposed in the wild, and showed that they do not fully mitigate the identified shortcomings of CSP. Therefore, we proposed to extend the CSP specification, and showed the feasibility of our proposals with an example of implementation. Regarding third party tracking, we introduced and implemented a tracking preserving architecture, that can be deployed by web developers willing to include third party content in their applications while preventing tracking. Intuitively, third party requests are automatically routed to a trusted middle party server which removes tracking information from the requests. Finally considering browser extensions, we first showed that the extensions that users install and the websites they are logged into, can serve to uniquely identify and track them. We then studied the communications between browser extensions and web applications and demonstrate that malicious or poorly programmed extensions can be exploited by web applications to benefit from extensions privileged capabilities. Also, we demonstrated that extensions can disable the Same Origin Policy by tampering with CORS headers. All this enables web applications to read sensitive user information. To mitigate these threats, we proposed countermeasures and a more fine-grained permissions system and review process for browser extensions. We believe that this can help browser vendors identify malicious extensions and warn users about the threats posed by extensions they install
Kamel, Nassima. "Sécurité des cartes à puce à serveur Web embarqué." Limoges, 2012. https://aurore.unilim.fr/theses/nxfile/default/9dc553cd-e9df-4530-a716-d3191d68dfa0/blobholder:0/2012LIMO4039.pdf.
Full textSmart cards are widely used secure devices in today’s world, which can store data in a secured manner and ensure data security during transactions. The success of smart card is mainly due to their tamper-resistant nature which allows them to store sensitive data’s like cryptographic keys. Since they are using in multiple secure domains, like banking, health insurance, etc. More and more researches are taken place in this domain for security and attacks. The last generation of smart card, defines an embedded web server. There are two types of specifications for these devices, the first one is defined by OMA organisation that propose a simple HTTP web server named Smart Card Web Server (SCWS), the second is proposed by Sun Microsystems (currently Oracle), consists of a Java card 3 connected edition platform, that includes a Java servlet 2. 4 API with improved Java Card API and security features. In addition to network benefits from the robustness of smart card, the use of web standards provide a continuous user experience, equivalent to that seen while surfing on the internet and it enhances the look and feel of GUI interfaces. The GUI interfaces are accessible from a browser which is located on the terminal on which the card is connected. However, in addition to the classical attacks (physical and logical), the integration of web server on smart card, exposes the smart card to some existing classical web application attacks. The most important one is the cross site scripting attack, also named XSS. It consists of injecting malicious data to the given web application inputs and if the resource returned to the browser includes the malicious code, it will be interpreted and executed, causing an attack. A web application is vulnerable to XSS if it uses an untrusted data without filtering malicious characters before. On the other hand, to ensure the communication between web applications and browser or other network entities, it is necessary to integrate some protocols to the smart card, for example HTTP, BIP or TCP/IP. The vulnerabilities in the implementation of these protocols can facilitate some attacks. Our contribution on this thesis is divided in two parts, in the first part, we are interested on the security of web applications against XSS attack. We suggest a static analysis tool, based on tainting approach, that allow to verify if a web application is secured or not, including filtering data in all insertion points where XSS is possible. We also implement, an API filter, compatible with Java Card 3 platform, that developers can import during the development of their applications. The second part consists of verifying the conformance and the robustness of the implemented HTTP protocol. For that we propose an intelligent fuzzing tool that includes a set of optimisations that allows to reduce the time of fuzzing
Scholte, Theodoor. "Amélioration de la sécurité par la conception des logiciels web." Thesis, Paris, ENST, 2012. http://www.theses.fr/2012ENST0024/document.
Full textThe web has become a backbone of our industry and daily life. The growing popularity of web applications and services and the increasing number of critical transactions being performed, has raised security concerns. For this reason, much effort has been spent over the past decade to make web applications more secure. Despite these efforts, recent data from SANS institute estimates that up to 60% of Internet attacks target web applications and critical vulnerabilities such as cross-site scripting and SQL injection are still very common. In this thesis, we conduct two empirical studies on a large number of web applications vulnerabilities with the aim of gaining deeper insights in how input validation flaws have evolved in the past decade and how these common vulnerabilities can be prevented. Our results suggest that the complexity of the attacks have not changed significantly and that many web problems are still simple in nature. Our studies also show that most SQL injection and a significant number of cross-site scripting vulnerabilities can be prevented using straight-forward validation mechanisms based on common data types. With these empirical results as foundation, we present IPAAS which helps developers that are unaware of security issues to write more secure web applications than they otherwise would do. It includes a novel technique for preventing the exploitation of cross-site scripting and SQL injection vulnerabilities based on automated data type detection of input parameters. We show that this technique results in significant and tangible security improvements for real web applications
Scholte, Theodoor. "Amélioration de la sécurité par la conception des logiciels web." Electronic Thesis or Diss., Paris, ENST, 2012. http://www.theses.fr/2012ENST0024.
Full textThe web has become a backbone of our industry and daily life. The growing popularity of web applications and services and the increasing number of critical transactions being performed, has raised security concerns. For this reason, much effort has been spent over the past decade to make web applications more secure. Despite these efforts, recent data from SANS institute estimates that up to 60% of Internet attacks target web applications and critical vulnerabilities such as cross-site scripting and SQL injection are still very common. In this thesis, we conduct two empirical studies on a large number of web applications vulnerabilities with the aim of gaining deeper insights in how input validation flaws have evolved in the past decade and how these common vulnerabilities can be prevented. Our results suggest that the complexity of the attacks have not changed significantly and that many web problems are still simple in nature. Our studies also show that most SQL injection and a significant number of cross-site scripting vulnerabilities can be prevented using straight-forward validation mechanisms based on common data types. With these empirical results as foundation, we present IPAAS which helps developers that are unaware of security issues to write more secure web applications than they otherwise would do. It includes a novel technique for preventing the exploitation of cross-site scripting and SQL injection vulnerabilities based on automated data type detection of input parameters. We show that this technique results in significant and tangible security improvements for real web applications
Mohamed, El-Marouf Ahmed. "Mesure de distance entre politiques de sécurité dans un service Web." Master's thesis, Université Laval, 2015. http://hdl.handle.net/20.500.11794/25929.
Full textThe main contribution of this paper is to suggest a new method to measure the similarity between security policies written in XACML. This is done in two steps: first the safety policy is formalized in SPL, secondly the results will be used to measure the distance between policies. The choice of the distance to use depends on the types of predicates (categorical or numeric). Thus, a synthetic table is provided to link the different metrics that are calculated in accordance with their predicate. A prototype has been coded in PHP and implemented to validate our contribution. Recommendations were issued in conclusion to enrich the proposed approach.
Mekki, Mohamed-Anis. "Synthèse et compilation de services web sécurisés." Thesis, Nancy 1, 2011. http://www.theses.fr/2011NAN10123/document.
Full textAutomatic composition of web services is a challenging task. Many works have considered simplified automata models that abstract away from the structure of messages exchanged by the services. For the domain of secured services we propose a novel approach to automated composition of services based on their security policies. Given a community of services and a goal service, we reduce the problem of composing the goal from services in the community to a security problem where an intruder we call mediator should intercept and redirect messages from the service community and a client service till reaching a satisfying state. We have implemented the algorithm in AVANTSSAR Platform and applied the tool to several case studies. Then we present a tool that compiles the obtained trace describing the execution of a the mediator into its corresponding runnable code. For that we first compute an executable specification as prudent as possible of her role in the orchestration. This specification is expressed in ASLan language, a formal language designed for modeling Web Services tied with security policies. Then we can check with automatic tools that this ASLan specification verifies some required security properties such as secrecy and authentication. If no flaw is found, we compile the specification into a Java servlet that can be used by the mediatior to lead the orchestration
Ouedraogo, Wendpanga Francis. "Gestionnaire contextualisé de sécurité pour des « Process 2.0 »." Thesis, Lyon, INSA, 2013. http://www.theses.fr/2013ISAL0132/document.
Full textTo fit the competitive and globalized economic environment, companies and especially SMEs / SMIs are more and more involved in collaborative strategies, requiring organizational adaptation to fit this openness constraints and increase agility (i.e. the ability to adapt and fit the structural changes). While the Web 2.0 allows sharing data (images, knowledge, CV, micro-blogging, etc...) and while SOA aims at increasing service re-using rate and service interoperability, no process sharing strategies are developed. To overcome this limit, we propose to share processes as well to set a "process 2.0" framework allowing sharing activities. This will support an agile collaborative process enactment by searching and composing services depending on the required business organization and the service semantics. Coupled with the cloud computing deployment opportunity, this strategy will lead to couple more strongly Business, SaaS and PaaS levels. However, this challenges security constraints management in a dynamic environment. The development of security policies is usually based on a systematic risks analysis, reducing them by adopting appropriate countermeasures. These approaches are complex and as a consequence difficult to implement by end users. Moreover risks are assessed in a "closed" and static environment so that these methods do not fit the dynamic business services composition approach, as services can be composed and run in different business contexts (including the functionalities provided by each service, the organization (Who does what?), the coordination between these services and also the kind of data (strategic or no...) that are used and exchanged) and runtime environment (public vs private platform…). By analyzing these contextual information, we can define specific security constraints to each business service, specify the convenient security policies and implement appropriate countermeasures. In addition, it is also necessary to be able to propagate the security policies throughout the process to ensure consistency and overall security during the process execution. To address these issues, we propose to study the definition of security policies coupling Model Driven Security and Pattern based engineering approach to generate and deploy convenient security policies and protection means depending on the (may be untrusted) runtime environment. To this end, we propose a set of security patterns which meet the business and platform related security needs to set the security policies. The selection and the implementation of these security policies will be achieved thank to context-based patterns. Simple to understand by non-specialists, these patterns will be used by the model transformation process to generate these policies in a Model@Runtime strategy so that security services will be selected and orchestrated at runtime to provide a constant quality of protection (independent of the deployment)
Makiou, Abdelhamid. "Sécurité des applications Web : Analyse, modélisation et détection des attaques par apprentissage automatique." Thesis, Paris, ENST, 2016. http://www.theses.fr/2016ENST0084/document.
Full textWeb applications are the backbone of modern information systems. The Internet exposure of these applications continually generates new forms of threats that can jeopardize the security of the entire information system. To counter these threats, there are robust and feature-rich solutions. These solutions are based on well-proven attack detection models, with advantages and limitations for each model. Our work consists in integrating functionalities of several models into a single solution in order to increase the detection capacity. To achieve this objective, we define in a first contribution, a classification of the threats adapted to the context of the Web applications. This classification also serves to solve some problems of scheduling analysis operations during the detection phase of the attacks. In a second contribution, we propose an architecture of Web application firewall based on two analysis models. The first is a behavioral analysis module, and the second uses the signature inspection approach. The main challenge to be addressed with this architecture is to adapt the behavioral analysis model to the context of Web applications. We are responding to this challenge by using a modeling approach of malicious behavior. Thus, it is possible to construct for each attack class its own model of abnormal behavior. To construct these models, we use classifiers based on supervised machine learning. These classifiers use learning datasets to learn the deviant behaviors of each class of attacks. Thus, a second lock in terms of the availability of the learning data has been lifted. Indeed, in a final contribution, we defined and designed a platform for automatic generation of training datasets. The data generated by this platform is standardized and categorized for each class of attacks. The learning data generation model we have developed is able to learn "from its own errors" continuously in order to produce higher quality machine learning datasets
Books on the topic "Sécurité Web"
Mike, Shema, ed. Hacking exposed: Web applications. New York: McGraw-Hill/Osborne, 2002.
Find full textScambray, Joel. Hacking exposed: Web applications. New York: McGraw-Hill/Osborne, 2002.
Find full textBret, Hartman, ed. Mastering Web services security. Indianapolis, Ind: Wiley Technology Pub., 2003.
Find full textSimon, Cooper, and Chapman D. Brent, eds. Building Internet Firewalls: Internet and Web security. 2nd ed. Beijing: O'Reilly, 2000.
Find full textLarcher, Éric. L' Internet sécurisé: Comment crypter ses mails, lutter contre le spam et les virus, protéger son anonymat sur le Web. Paris: Eyrolles, 2000.
Find full textRubin, Aviel D. Web security sourcebook. New York: Wiley Computer Pub., 1997.
Find full textGarfinkel, Simson. Web security & commerce. Sebastopol: O'Reilly, 1997.
Find full textGarfinkel, Simson. Web Security, Privacy and Commerce. 2nd ed. Cambridge, Mass: O'Reilly, 2001.
Find full textGarfinkel, Simson. Web security, privacy, and commerce. 2nd ed. Beijing: O'Reilly, 2002.
Find full textEssential PHP Security. Sebastopol, CA: O'Reilly, 2006.
Find full textBook chapters on the topic "Sécurité Web"
ZXIVANOVICH, Sava, Branislav TODOROVIC, Jean-Pierre LORRÉ, Darko TRIFUNOVIC, Adrian KOTELBA, Ramin SADRE, and Axel LEGAY. "L’IdO pour une nouvelle ère de réseaux unifiés, de confiance zéro et de protection accrue de la vie privée." In Cybersécurité des maisons intelligentes, 185–213. ISTE Group, 2024. http://dx.doi.org/10.51926/iste.9086.ch5.
Full textGallot, Éric, and Terry Zimmer. "Outil 12. Le social engineering via le web et les réseaux sociaux." In La boîte à outils de la sécurité économique, 46–47. Dunod, 2015. http://dx.doi.org/10.3917/dunod.moine.2015.01.0046.
Full textConference papers on the topic "Sécurité Web"
Zurko, Mary Ellen. "La Sécurité Ouverte How We Doin? So Far?" In WWW '16: 25th International World Wide Web Conference. Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee, 2016. http://dx.doi.org/10.1145/2872427.2883583.
Full text