
Hello World!

Welcome to my net home, I use it just to have a summary of stuff on which I work (and have worked).


.:Tips to handle Injection into Java application code:.

The objective of this document is to provide some tips for handling injection in Java application code.
It's a work in progress, with the aim of creating a cheatsheet on the injection topic with the OWASP Java folks.
The cheatsheet name will be "Stopping injection in Java cheatsheet".

.:Detection of potential malicious files into file upload:.

POC to protect a document upload application feature against "malicious" document submission.
It's part of ongoing work with the OWASP Java folks to create an article on the OWASP Wiki about this topic...

.:Hibernate Validator Security Contribs:.

Provides a set of content-checking constraint annotations, focused on security, using the JSR303 RI Hibernate Validator.

Artefacts are also published to the Maven Central Repository.
Big thanks to Sonatype for this feature...

.:Android application to fuzz WIFI AP:.

This project is a POC trying to find vulnerabilities in a WIFI access point (AP).

.:Docker image for web application security scanning:.

Docker build file creating an image of a box containing web application security scanners.

.:OWASP Wiki Contribs:.

Articles created:

.:OWASP SonarQube:.

Rules specification submitted (rules are validated, waiting for implementation from SonarQube folks):


CVEs that I have found during my job for Excellium CSIRT (waiting for publication by MITRE):


Other vulnerabilities that I have found during my job for Excellium CSIRT:


Talks given at conferences:

.:IT Security Magazines articles:.

Articles created for HAKIN9 and its associated magazines (in fact I have realized that, using this channel, the information is not free, so I have stopped writing articles for magazines and focused on free wikis like OWASP where information is freely available):