{"id":3885,"date":"2013-07-03T15:05:26","date_gmt":"2013-07-03T14:05:26","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=3885"},"modified":"2019-12-30T17:04:37","modified_gmt":"2019-12-30T16:04:37","slug":"secapp-que-retenir-du-nouveau-top-10-de-lowasp","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/","title":{"rendered":"SecApp: what should we take away from the new OWASP Top 10?"},"content":{"rendered":"<p><a href=\"https:\/\/www.owasp.org\" target=\"_blank\" rel=\"noopener noreferrer\">OWASP<\/a> (<em>Open Web Application Security Project<\/em>) has just published an updated version of its Top 10. Very widely recognized and often used as a reference, <a href=\"https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10\" target=\"_blank\" rel=\"noopener noreferrer\">the OWASP Top 10<\/a> lists the ten families of vulnerabilities that are the most widespread and the most critical.<\/p>\n<h2>The 2013 Top 10, in line with the previous Top 10s<\/h2>\n<p>Almost all of the risks in the 2010 Top 10 are still in the 2013 Top 10. 
Likewise, no genuinely new risk has appeared: it is only a reshuffle.<\/p>\n<p><a href=\"http:\/\/www.solucominsight.fr\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/top-10-owasp-2\/\" rel=\"attachment wp-att-3911\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-3911\" title=\"Top 10 OWASP\" src=\"http:\/\/www.solucominsight.fr\/wp-content\/uploads\/2013\/07\/Top-10-OWASP1.jpg\" alt=\"\" width=\"703\" height=\"235\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/Top-10-OWASP1.jpg 1041w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/Top-10-OWASP1-437x147.jpg 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/07\/Top-10-OWASP1-71x24.jpg 71w\" sizes=\"auto, (max-width: 703px) 100vw, 703px\" \/><\/a><\/p>\n<p><em>Changes in the Top 10 between 2010 and 2013<\/em><\/p>\n<p>This update nevertheless reflects the trends observed during our audits, in particular the increasingly frequent use of development frameworks whose security features are not necessarily used (or not used well); as a result, application flaws are often found in the modules developed specifically for business needs. In addition, the leading trio of \u201cInjection, XSS and session management\u201d is still present in almost all of the applications we audit.<\/p>\n<h2>Some notable changes in the 2013 Top 10<\/h2>\n<h4>Cross-site request forgery (CSRF)<\/h4>\n<p>CSRF protection features are increasingly built into development frameworks as well as commercial software, which explains the decrease in the associated risk. 
However, this protection should not be taken for granted: we very frequently find vulnerabilities of this type, which remain less well known to developers than injection vulnerabilities.<\/p>\n<h4>Missing function-level access control<\/h4>\n<p>Access control vulnerabilities are moving up the ranking, not because they are more frequent, but because they are better detected. These are indeed vulnerabilities that we very commonly find during our audits. Moreover, these vulnerabilities are often very difficult, or even impossible, to detect with automated tools, because they require a good understanding of how the application works and of its business logic: only a human auditor will be able to understand and assess these mechanisms in detail.<\/p>\n<h4>Using components with known vulnerabilities<\/h4>\n<p>The use of development frameworks, or more simply of external libraries, is increasingly common. However, the associated security monitoring and regular upgrade processes are only rarely put in place; as a result, many applications use components for which vulnerabilities are known and exploitable. Moreover, the modifications made to some applications can prevent security patches from being applied or migration to newer versions. 
It is therefore essential to keep track of all the application building blocks in use, as suggested by <a href=\"http:\/\/www.ssi.gouv.fr\/IMG\/pdf\/guide_hygiene_informatique_anssi.pdf\">hygiene rule<\/a> no. 6 of <a href=\"http:\/\/www.ssi.gouv.fr\">ANSSI<\/a>.<\/p>\n<h2>Application security, an area that can no longer be ignored<\/h2>\n<p>Unfortunately, it is very rare to audit a web application whose security level is satisfactory. The security level is improving only slowly, particularly in light of a strong upward trend in intrusions and defacements. Yet integrating security into projects, as well as creating <a href=\"http:\/\/www.solucominsight.fr\/2013\/03\/secapp-la-securite-de-votre-si-passera-pas-la-securite-applicative\/\">application security cells<\/a>, are initiatives that work!<\/p>\n<p>So, what should you do? Don\u2019t stop at 10! This Top 10 is not intended to list every possible and imaginable vulnerability in web applications! It is essential to adjust security measures to the security needs specific to your business and your data, in particular by carrying out a risk analysis beforehand.<\/p>\n<p><em>The Top 10 has also just been translated into French by the French chapter of OWASP, a project in which Solucom had the pleasure of taking part. 
The French version is <a href=\" http:\/\/owasptop10.googlecode.com\/files\/OWASP%20Top%2010%20-%202013%20-%20French.pdf\">available at this link.<\/a><\/em><\/p>\n<p><em>To be informed of upcoming events organized by OWASP France, feel free to join the <\/em><a href=\"https:\/\/lists.owasp.org\/mailman\/listinfo\/owasp-france\"><em>OWASP France mailing list<\/em><\/a><em>.<\/em><\/p>\n<p>To learn more about application security cells (SecApp), feel free to download our <a href=\"http:\/\/www.solucom.fr\/Publications\/La-cellule-SecApp-enfin-un-levier-pour-garantir-le-succes-de-la-securite-applicative\">focus on the subject<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OWASP (Open Web Application Security Project) has just published an updated version of its Top 10. Very widely recognized and often used as a reference, the OWASP Top 10 lists the ten families of vulnerabilities that are the most widespread&#8230;<\/p>\n","protected":false},"author":20,"featured_media":6080,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[861,1202,1204,1203],"coauthors":[780],"class_list":["post-3885","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-applicatif","tag-owasp","tag-secapp","tag-vulnerabilites"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP ?<\/title>\n<meta name=\"description\" content=\"L\u2019OWASP (Open Web Application 
Security Project) vient de publier une version mise \u00e0 jour de son Top 10. Tr\u00e8s largement reconnu et souvent utilis\u00e9 comme r\u00e9f\u00e9rence, le TOP 10 de l\u2019OWASP recense les dix familles de vuln\u00e9rabilit\u00e9s les plus r\u00e9pandues et les plus critiques.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP ?\" \/>\n<meta property=\"og:description\" content=\"L\u2019OWASP (Open Web Application Security Project) vient de publier une version mise \u00e0 jour de son Top 10. Tr\u00e8s largement reconnu et souvent utilis\u00e9 comme r\u00e9f\u00e9rence, le TOP 10 de l\u2019OWASP recense les dix familles de vuln\u00e9rabilit\u00e9s les plus r\u00e9pandues et les plus critiques.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2013-07-03T14:05:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-30T16:04:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"1399\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arnaud Soulli\u00e9\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud 
Soulli\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/\"},\"author\":{\"name\":\"Arnaud Soulli\u00e9\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\"},\"headline\":\"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP ?\",\"datePublished\":\"2013-07-03T14:05:26+00:00\",\"dateModified\":\"2019-12-30T16:04:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/\"},\"wordCount\":749,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg\",\"keywords\":[\"applicatif\",\"OWASP\",\"SecApp\",\"vuln\u00e9rabilit\u00e9s\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/\",\"name\":\"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP 
?\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg\",\"datePublished\":\"2013-07-03T14:05:26+00:00\",\"dateModified\":\"2019-12-30T16:04:37+00:00\",\"description\":\"L\u2019OWASP (Open Web Application Security Project) vient de publier une version mise \u00e0 jour de son Top 10. Tr\u00e8s largement reconnu et souvent utilis\u00e9 comme r\u00e9f\u00e9rence, le TOP 10 de l\u2019OWASP recense les dix familles de vuln\u00e9rabilit\u00e9s les plus r\u00e9pandues et les plus critiques.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg\",\"width\":1500,\"height\":1399},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskin
sight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\",\"name\":\"Arnaud Soulli\u00e9\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP ?","description":"L\u2019OWASP (Open Web Application Security Project) vient de publier une version mise \u00e0 jour de son Top 10. Tr\u00e8s largement reconnu et souvent utilis\u00e9 comme r\u00e9f\u00e9rence, le TOP 10 de l\u2019OWASP recense les dix familles de vuln\u00e9rabilit\u00e9s les plus r\u00e9pandues et les plus critiques.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/","og_locale":"en_US","og_type":"article","og_title":"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP ?","og_description":"L\u2019OWASP (Open Web Application Security Project) vient de publier une version mise \u00e0 jour de son Top 10. Tr\u00e8s largement reconnu et souvent utilis\u00e9 comme r\u00e9f\u00e9rence, le TOP 10 de l\u2019OWASP recense les dix familles de vuln\u00e9rabilit\u00e9s les plus r\u00e9pandues et les plus critiques.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/","og_site_name":"RiskInsight","article_published_time":"2013-07-03T14:05:26+00:00","article_modified_time":"2019-12-30T16:04:37+00:00","og_image":[{"width":1500,"height":1399,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg","type":"image\/jpeg"}],"author":"Arnaud Soulli\u00e9","twitter_misc":{"Written by":"Arnaud Soulli\u00e9","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/"},"author":{"name":"Arnaud Soulli\u00e9","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79"},"headline":"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP ?","datePublished":"2013-07-03T14:05:26+00:00","dateModified":"2019-12-30T16:04:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/"},"wordCount":749,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg","keywords":["applicatif","OWASP","SecApp","vuln\u00e9rabilit\u00e9s"],"articleSection":["Cybersecurity &amp; Digital Trust","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/","url":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/","name":"SecApp : que retenir du nouveau TOP 10 de l\u2019OWASP 
?","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg","datePublished":"2013-07-03T14:05:26+00:00","dateModified":"2019-12-30T16:04:37+00:00","description":"L\u2019OWASP (Open Web Application Security Project) vient de publier une version mise \u00e0 jour de son Top 10. Tr\u00e8s largement reconnu et souvent utilis\u00e9 comme r\u00e9f\u00e9rence, le TOP 10 de l\u2019OWASP recense les dix familles de vuln\u00e9rabilit\u00e9s les plus r\u00e9pandues et les plus critiques.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/10\/antonio-gravante-fotolia.com-foule1.jpg","width":1500,"height":1399},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/secapp-que-retenir-du-nouveau-top-10-de-lowasp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"SecApp : que retenir du nouveau 
TOP 10 de l\u2019OWASP ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79","name":"Arnaud 
Soulli\u00e9","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3885","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=3885"}],"version-history":[{"count":14,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3885\/revisions"}],"predecessor-version":[{"id":12449,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3885\/revisions\/12449"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6080"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=3885"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=3885"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=3885"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=3885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}