{"id":5801,"date":"2014-09-25T20:37:39","date_gmt":"2014-09-25T19:37:39","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=5801"},"modified":"2019-12-31T11:11:08","modified_gmt":"2019-12-31T10:11:08","slug":"faille-critique-shellshock-recommandations-du-cert-solucom","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/","title":{"rendered":"Faille critique Shellshock : recommandations du CERT-Solucom"},"content":{"rendered":"<p><em>Article mis \u00e0 jour le 26\/09<\/em><\/p>\n<p>Une vuln\u00e9rabilit\u00e9 critique concernant l\u2019interpr\u00e9teur de commandes Bash a \u00e9t\u00e9 publi\u00e9e hier (CVE-2014-6271). Dans certaines conditions, cette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u2019ex\u00e9cuter du code arbitraire. Le score CVSS indiquant la gravit\u00e9 de la vuln\u00e9rabilit\u00e9 est \u00e9valu\u00e9 \u00e0 10, la note maximale.<\/p>\n<p>Cette vuln\u00e9rabilit\u00e9 affecte les versions 1.14 \u00e0 4.3 de Bash et des <a href=\"http:\/\/www.kernelmode.info\/forum\/viewtopic.php?f=16&amp;t=3505#p23987\" target=\"_blank\" rel=\"noopener noreferrer\">attaques<\/a> sont en cours sur les services vuln\u00e9rables.<\/p>\n<p>Des correctifs de s\u00e9curit\u00e9 ont \u00e9t\u00e9 publi\u00e9s mais sont incomplets. Cette nouvelle vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e sous le num\u00e9ro CVE-2014-7169.<\/p>\n<h2>Quels syst\u00e8mes sont impact\u00e9s\u00a0?<\/h2>\n<p>Les distributions Linux sont les principaux syst\u00e8mes impact\u00e9s par la vuln\u00e9rabilit\u00e9, car elles int\u00e8grent l\u2019interpr\u00e9teur de commande Bash par d\u00e9faut. C\u2019est \u00e9galement le cas de Mac OSX, et des utilisateurs de Cygwin sous Windows.<\/p>\n<p>Cependant, de nombreux logiciels et services r\u00e9alisent des appels syst\u00e8me via Bash et sont par cons\u00e9quent vuln\u00e9rables.<\/p>\n<p>Il est aujourd\u2019hui confirm\u00e9 que cette vuln\u00e9rabilit\u00e9\u00a0peut s\u2019exploiter \u00e0 distance dans certains cas\u00a0:<\/p>\n<ul>\n<li>Sur un serveur web pouvant faire appel \u00e0 Bash (scripts cgi, appels syst\u00e8mes Python ou PHP).<\/li>\n<li>Sur un serveur SSH (uniquement apr\u00e8s authentification).<\/li>\n<li>Sur un service <a href=\"https:\/\/www.trustedsec.com\/september-2014\/shellshock-dhcp-rce-proof-concept\/\" target=\"_blank\" rel=\"noopener noreferrer\">DHCP<\/a>.<\/li>\n<\/ul>\n<p>Plus g\u00e9n\u00e9ralement tout autre service pouvant faire appel \u00e0 Bash pourrait \u00eatre affect\u00e9.<\/p>\n<p>Cette faille peut notamment \u00eatre <a href=\"https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/exploits\/osx\/local\/vmware_bash_function_root.rb\" target=\"_blank\" rel=\"noopener noreferrer\">exploit\u00e9e<\/a> afin de r\u00e9aliser une \u00e9l\u00e9vation de privil\u00e8ge sous Mac OSX, qui int\u00e8gre \u00e9galement Bash par d\u00e9faut.<\/p>\n<h2>Comment v\u00e9rifier si je suis vuln\u00e9rable\u00a0?<\/h2>\n<p>Il est possible d\u2019identifier la vuln\u00e9rabilit\u00e9 via l\u2019ex\u00e9cution de la commande suivante\u00a0:<\/p>\n<p><span style=\"background-color: #c0c0c0;\">$\u00a0env\u00a0var='()\u00a0{\u00a0ignore\u00a0this:;};\u00a0echo\u00a0vulnerable&#8217;\u00a0bash\u00a0-c\u00a0\/bin\/true<\/span><\/p>\n<p>Dans le cas d\u2019un serveur vuln\u00e9rable, la commande affichera \u00ab\u00a0vulnerable\u00a0\u00bb.<\/p>\n<p><i>Attention\u00a0: cette commande permet de v\u00e9rifier la bonne application des correctifs disponibles. Cependant, il semblerait que ces correctifs ne mitigent pas l\u2019ensemble des attaques possibles, en particulier l\u2019exploitation locale.<\/i><\/p>\n<h2 align=\"left\">Quelles sont les actions \u00e0 mener\u00a0?<\/h2>\n<h4 align=\"left\">1-\u00a0 Recenser les produits vuln\u00e9rables<\/h4>\n<p align=\"left\">La plupart des syst\u00e8mes d\u2019exploitation Linux, ainsi que Mac OS X sont affect\u00e9es par cette vuln\u00e9rabilit\u00e9.<\/p>\n<p align=\"left\">Cependant, cette vuln\u00e9rabilit\u00e9 pourrait \u00e9galement \u00eatre pr\u00e9sente sur d\u2019autres \u00e9quipements se basant sur des syst\u00e8mes UNIX. On pense notamment aux <em>appliances<\/em> r\u00e9seau et de s\u00e9curit\u00e9, ainsi qu\u2019aux syst\u00e8mes embarqu\u00e9s.<\/p>\n<p align=\"left\">Il convient de se r\u00e9f\u00e9rer aux bulletins publi\u00e9s par les \u00e9diteurs, lorsqu\u2019ils sont disponibles, \u00a0pour plus d\u2019informations.<\/p>\n<h4 align=\"left\">2- Appliquer les correctifs de s\u00e9curit\u00e9<\/h4>\n<p>Bien que son efficacit\u00e9 soit partiellement remise en cause, le correctif de s\u00e9curit\u00e9 publi\u00e9 pour Bash permettra de se pr\u00e9munir des attaques distantes les plus communes.<\/p>\n<h4 align=\"left\">3- D\u00e9tecter les attaques<\/h4>\n<p>Afin de compl\u00e9ter les m\u00e9canismes de protection mis en place, il est possible de d\u00e9tecter ou de bloquer les attaques les plus simples via l\u2019utilisation d\u2019\u00e9quipements de type IDS\/IPS.<\/p>\n<p>Certains \u00e9diteurs proposent actuellement des signatures sp\u00e9cifiques \u00e0 cette attaque, qui reposent sur la d\u00e9tection des caract\u00e8res sp\u00e9ciaux \u201c() {\u201d dans les en-t\u00eates des requ\u00eates http.<\/p>\n<p>Il est \u00e9galement recommand\u00e9 d\u2019analyser les logs existants pour d\u00e9tecter une exploitation pass\u00e9e de ShellShock.<\/p>\n<p>&nbsp;<\/p>\n<p align=\"left\">Ce bulletin sera compl\u00e9t\u00e9 dans les prochains jours. Pour plus de pr\u00e9cisions, vous pouvez contacter le<a href=\"mailto:cert@solucom.fr\" target=\"_blank\" rel=\"noopener noreferrer\"> CERT-SOLUCOM<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Article mis \u00e0 jour le 26\/09 Une vuln\u00e9rabilit\u00e9 critique concernant l\u2019interpr\u00e9teur de commandes Bash a \u00e9t\u00e9 publi\u00e9e hier (CVE-2014-6271). Dans certaines conditions, cette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant d\u2019ex\u00e9cuter du code arbitraire. Le score CVSS indiquant la gravit\u00e9 de la&#8230;<\/p>\n","protected":false},"author":20,"featured_media":6092,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3225],"tags":[2596,3320],"coauthors":[780],"class_list":["post-5801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response","tag-cert","tag-incident-response-cert-w"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Faille critique Shellshock : recommandations du CERT-Solucom - RiskInsight<\/title>\n<meta name=\"description\" content=\"\u00cates-vous vuln\u00e9rable ? Quels sont les actions \u00e0 mener ?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Faille critique Shellshock : recommandations du CERT-Solucom - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"\u00cates-vous vuln\u00e9rable ? Quels sont les actions \u00e0 mener ?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2014-09-25T19:37:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T10:11:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arnaud Soulli\u00e9\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud Soulli\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/\"},\"author\":{\"name\":\"Arnaud Soulli\u00e9\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\"},\"headline\":\"Faille critique Shellshock : recommandations du CERT-Solucom\",\"datePublished\":\"2014-09-25T19:37:39+00:00\",\"dateModified\":\"2019-12-31T10:11:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/\"},\"wordCount\":569,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg\",\"keywords\":[\"CERT\",\"incident response CERT-W\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Ethical Hacking &amp; Incident Response\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/\",\"name\":\"Faille critique Shellshock : recommandations du CERT-Solucom - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg\",\"datePublished\":\"2014-09-25T19:37:39+00:00\",\"dateModified\":\"2019-12-31T10:11:08+00:00\",\"description\":\"\u00cates-vous vuln\u00e9rable ? Quels sont les actions \u00e0 mener ?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg\",\"width\":1500,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Faille critique Shellshock : recommandations du CERT-Solucom\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\",\"name\":\"Arnaud Soulli\u00e9\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Faille critique Shellshock : recommandations du CERT-Solucom - RiskInsight","description":"\u00cates-vous vuln\u00e9rable ? Quels sont les actions \u00e0 mener ?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/","og_locale":"en_US","og_type":"article","og_title":"Faille critique Shellshock : recommandations du CERT-Solucom - RiskInsight","og_description":"\u00cates-vous vuln\u00e9rable ? Quels sont les actions \u00e0 mener ?","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/","og_site_name":"RiskInsight","article_published_time":"2014-09-25T19:37:39+00:00","article_modified_time":"2019-12-31T10:11:08+00:00","og_image":[{"width":1500,"height":1000,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg","type":"image\/jpeg"}],"author":"Arnaud Soulli\u00e9","twitter_misc":{"Written by":"Arnaud Soulli\u00e9","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/"},"author":{"name":"Arnaud Soulli\u00e9","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79"},"headline":"Faille critique Shellshock : recommandations du CERT-Solucom","datePublished":"2014-09-25T19:37:39+00:00","dateModified":"2019-12-31T10:11:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/"},"wordCount":569,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg","keywords":["CERT","incident response CERT-W"],"articleSection":["Cybersecurity &amp; Digital Trust","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/","name":"Faille critique Shellshock : recommandations du CERT-Solucom - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg","datePublished":"2014-09-25T19:37:39+00:00","dateModified":"2019-12-31T10:11:08+00:00","description":"\u00cates-vous vuln\u00e9rable ? Quels sont les actions \u00e0 mener ?","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/mikkolem-fotolia.com_1.jpg","width":1500,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2014\/09\/faille-critique-shellshock-recommandations-du-cert-solucom\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Faille critique Shellshock : recommandations du CERT-Solucom"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79","name":"Arnaud Soulli\u00e9","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/5801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=5801"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/5801\/revisions"}],"predecessor-version":[{"id":12421,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/5801\/revisions\/12421"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6092"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=5801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=5801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=5801"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=5801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}