Appuyez-vous sur des ressources clés tout au long du SDLC
Start
Intro ?
Les vulnérabilités résultant d'une mauvaise configuration ou de l'utilisation decomposants obsolètes peuvent offrir aux attaquants une porte ouverte pour compromettre non seulement les applications elles-mêmes mais aussi les données sensibles qu'elles gèrent.
Découvrez un cas d’attaque
Les attaques contre le contrôle d'accès
En résumé
Découvrez un cas d’attaque
Documentation Masterclass
VMware n'est pas à jour
En 2023, une vague de cyberattaques a ciblé les serveurs VMware ESXi, exploitant une vulnérabilité spécifique identifiée sous le nom CVE-2021-21974. Cette faille, découverte presque deux ans auparavant, était une vulnérabilité de type dépassement de tas (heap-overflow en anglais) dans les serveurs VMware ESXi. Malgré la disponibilité d'un correctif depuis près de deux ans, de nombreux serveurs n'avaient pas été mis à jour, laissant ouverte une porte d'entrée pour les cybercriminels. Cette série d'attaques, surnommée "ESXiArgs", a ciblé des serveurs VMware ESXi non patchés dans le monde entier. L'exploitation de la CVE-2021-21974 a permis l'exécution de code à distance, ce qui a rendu possible le déploiement d'un ransomware. Ce ransomware, déployé via la faille, a entraîné le chiffrement des données, causant d'importants dégâts et perturbations pour les entreprises et les organisations touchées.
Changer le titre
Documentation Masterclass
Identifer et se proteger contre les mauvaises configurations
Documentation Masterclass
Pourquoi la présence de ports ouverts non utilisés est-elle considérée comme une mauvaise configuration ?
Documentation Masterclass
Quel est le risque principal lié à l'affichage d'un message d'erreur détaillant la version exacte d'un serveur (ex: Apache 2.4.49) ?
Documentation Masterclass
Qu'est-ce qu'un identifiant CVE dans le domaine de la cybersécurité ?
Documentation Masterclass
La bonne réponse était : Utiliser une fonction de hachage robuste comme SHA-256 pour les mots de passe.
Le hachage est la méthode standard pour transformer les mots de passe en une chaîne de caractères non réversible, ce qui les protège même en cas de fuite de données.
Documentation Masterclass
En résumé
Documentation Masterclass
En résumé
Il est important de garder des versions à jour de ses logiciels et dépendances pour remédier aux vulnérabilités caractérisées par des CVE.
Des outils comme les SCA permettent de s’assurer l’utilisation des dépendances afin de ne pas introduire de vulnérabilités dans l'application web.
La sécurité est un processus continu nécessitant une attention constante pour protéger vos données et celles de vos utilisateurs.
Dans le prochain chapitre, nous allons explorer les catégories A05:2021 et A06:2021 de l'OWASP, qui mettent l'accent sur la nécessité de maintenir une configuration de sécurité adéquate et d'utiliser des composants à jour pour prévenir les vulnérabilités dans vos applications web.
Les ressources de l'OWASP
Quelques ressources pour se prémunir contre les défaillances cryptographiques
Cheatsheet sur l'implémentation de TLS
Cheatsheet sur le stockage des mots de passe
Documentation Masterclass
Thank you!
Reach us:
- Slack -@teamdoc #product-documentation
- Jira - DOC(MTA)
The team
Head of Product Documentation
5 Technical Writers 2 UX Writers
Learn more about us
1 E-Learning Program Manager
Documentation Masterclass
How do we do documentation at Scaleway
Documentation Masterclass
Content ownership
Scaleway documentation
Scaleway Learning
Scaleway console
UX WritingReaches all users, from account creation to offboarding. Goal: Intuition
Tech WritingReaches several users in every usage stage. Goal: Explanation
Program ManagerReaches fewer, experienced users. Goal: Certification
UX writing
Our goal is to make the Scaleway ecosystem as intuitive and easy to use as possible.We follow users from the moment they create an account to their offboarding, and everything in between.
Hover over the component of the schema to find out more.
Documentation
Console
Simpifiying complex stuff
Documentation Masterclass
Tech writing
Scaleway’s product documentation has everything Scalers and users need to understand and explore the Scaleway universe.A complete library of technical content to teach how to create, use, and manage our products and make the most of them.
Hover over the component of the schema to find out more.
Developers website
Product documentation website
Product documentation
Documentation Masterclass
Scaleway Learning
Scaleway’s certification program, created to empower and recognize our community’s knowledge and expertise.
Hover over the badges to find out more.
Self-register now
After your self- registration, you can directly start your learning journey
Any questions? Ask in #scaleway-learning slack channel
Scaleway Learning is maintained by the Product Documentation Team
Documentation Masterclass
Why is it important?
Use this side of the card to provide more information about a topic. Focus on one concept. Make learning and communication more efficient.
Use this side of the card to provide more information about a topic. Focus on one concept. Make learning and communication more efficient.
Use this side of the card to provide more information about a topic. Focus on one concept. Make learning and communication more efficient.
Branding
Autonomy
Usage
■ Increases brand awareness ■ Drives traffic ■ Showcases our products for prospective users
■ Builds a community with knowledge and know-how■ Gives users the freedom to discover information at their own pace ■ Reduces support tickets
■ Shows users how to use the products■ Illustrates various product use cases■ Helps new Scalers to get familiar with the Scaleway ecosystem.
Documentation Masterclass
Documentation website
Documentation Masterclass
Let's take a look
scaleway.com/en/docs
Documentation Masterclass
Content types
Documentation Masterclass
Core content
Quickstarts
How-tos
Concepts
Documentation Masterclass
Optional content
Trubleshooting
Tutorials
API and CLI
Additional content
Documentation Masterclass
Other content
FAQ
Changelog
Interactive demos
Documentation Masterclass
Developers reference
Hosted on a separate website, the Scaleway Developers Reference includes descriptions of API calls, methods, and fields that make up Scaleway APIs.
The website is maintained by a joint effort of the Product Documentation and Front Website teams, as well as the developers of each product in the Scaleway ecosystem.
General Guidelines
Documentation Masterclass
Let's work together
Documentation Masterclass
How?
Clone our Git repo & open a PR
Open a JIRA Doc ticket
Suggest an edit
- Spotted an error or think a Doc page can be improved?
- Click Edit on GitHub and make your suggestions directly to our GitHub repository.
- Clone our Git repo & open a PR.
- Preferred method to request content from the Doc team.
- Remember to follow the request process on our Confluence.
How?
Scaleway Learning
Talk to us on Slack
Console
- If you need wording done for the console, whether developing new content or improving existing, open an MTA Jira ticket for the UX Writing team.
- Visit the Scaleway Learning website to learn more about the certifications and enroll on your favorite path,
- Join the #Learning Slack community channel to interact with other participants.
- SCW Community Slack: #documentation
- SCW Slack (for internal communication):
#product-documentation, @teamdoc (for tech writers), @teamuxwriting (for UX writers) #scaleway learning (for Scaleway Learning)
Documentation Masterclass
Guidelines overview
Documentation Masterclass
Discover our guidelines
The documentation and UX writing guidelines are publicly available for Scalers, contributors, and anyone else who wants to read them:
Documentation guidelines
UX writing guidelines
Documentation Masterclass
Guidelines 101
Be objective
Provide clear instructions
Stay consistent
- Only include additional and optional information after writing the mandatory and fundamental instructions.
- Avoid grouping different instructions in only one step.
- Start each step with an action verb, using the active voice.
- Use the same concepts and wording across all content.
First, tell users what they must know to complete actions.Then, everything else they could also do, and all the ‘good-to-knows’.
1. Access the Scaleway console.2. Click Organization on the side menu.
If you start a text saying Instances, don’t switch to virtual machines halfway through.
Documentation Masterclass
Quiz
Documentation Masterclass
Documentation Masterclass
Documentation Masterclass
Documentation Masterclass
How to contribute - Demo
Documentation Masterclass
Click play to watch our demo
Documentation Masterclass
Thank you!
Reach us:
- Slack -@teamdoc #product-documentation
- Jira - DOC(MTA)
How-tos
Guides to create and manage all your resources from the Scaleway console.
See the How to create a Load Balancer
Incorrect
You should have numbered steps, like in the image.
Concepts
Core concepts explained in simple terms with architecture diagrams.
See the Concepts for GPU Instances
Correct
You need to introduce numbered steps like in the image
Quickstarts
Straightforward guides to create and use resources in a few steps.
See the Quickstart for IAM
Correct A
- Option B is wrong because we cannot confirm the existence of an account when we don’t know if the person attempting to log in is the real owner. We must keep our users’ information safe at all times, and keep potential hacking risks to a minimum.
- Option C is wrong because it has a ‘Warning!’, which can alarm users, when the situation is not serious, and by saying the combination of email and password is incorrect we are hinting that there is an account with that email address.
FAQ
Answers to the most asked questions regarding Scaleway resources.
See the FAQs
Correct A
- Option B is wrong because we cannot confirm the existence of an account when we don’t know if the person attempting to log in is the real owner. We must keep our users’ information safe at all times, and keep potential hacking risks to a minimum.
- Option C is wrong because it has a ‘Warning!’, which can alarm users, when the situation is not serious, and by saying the combination of email and password is incorrect we are hinting that there is an account with that email address.
Tutorials
Guides on how to use Scaleway resources with third-party tools.
See the Tutorials
Troubleshooting
Solutions to help you resolve known issues and prevent common problems.
See the Troubleshooting Hub
Incorrect
You should have numbered steps, like in the image.
Interactive demos
Our step-by-step previews help you explore the interface and discover our products and features.
See the Interactive demos
Incorrect
You should have numbered steps, like in the image.
Changelog
All the significant changes regarding our products, whether it is new features, updates, or even discontinuations.
See the Changelog
Correct
You need to introduce numbered steps like in the image
Additional content
Detailed information on various specific subjects.
See an Additional content for Cockpit
Correct
You need to introduce numbered steps like in the image
API and CLI
All the rules and protocols to build and interact with Scaleway applications through the code or the command line.
See the Scaleway Instances CLI Cheatsheet
Correct
You need to introduce numbered steps like in the image
Incorrect
You should have numbered steps, like in the image.
S3-C5 - Appuyez-vous sur des ressources clés tout au long du SDLC
Helpdesk Scaleway
Created on February 9, 2026
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Explainer Video: Keys to Effective Communication
View
Explainer Video: AI for Companies
View
Corporate CV
View
Flow Presentation
View
Discover Your AI Assistant
View
Urban Illustrated Presentation
View
Geographical Challenge: Drag to the map
Explore all templates
Transcript
Appuyez-vous sur des ressources clés tout au long du SDLC
Start
Intro ?
Les vulnérabilités résultant d'une mauvaise configuration ou de l'utilisation decomposants obsolètes peuvent offrir aux attaquants une porte ouverte pour compromettre non seulement les applications elles-mêmes mais aussi les données sensibles qu'elles gèrent.
Découvrez un cas d’attaque
Les attaques contre le contrôle d'accès
En résumé
Découvrez un cas d’attaque
Documentation Masterclass
VMware n'est pas à jour
En 2023, une vague de cyberattaques a ciblé les serveurs VMware ESXi, exploitant une vulnérabilité spécifique identifiée sous le nom CVE-2021-21974. Cette faille, découverte presque deux ans auparavant, était une vulnérabilité de type dépassement de tas (heap-overflow en anglais) dans les serveurs VMware ESXi. Malgré la disponibilité d'un correctif depuis près de deux ans, de nombreux serveurs n'avaient pas été mis à jour, laissant ouverte une porte d'entrée pour les cybercriminels. Cette série d'attaques, surnommée "ESXiArgs", a ciblé des serveurs VMware ESXi non patchés dans le monde entier. L'exploitation de la CVE-2021-21974 a permis l'exécution de code à distance, ce qui a rendu possible le déploiement d'un ransomware. Ce ransomware, déployé via la faille, a entraîné le chiffrement des données, causant d'importants dégâts et perturbations pour les entreprises et les organisations touchées.
Changer le titre
Documentation Masterclass
Identifer et se proteger contre les mauvaises configurations
Documentation Masterclass
Pourquoi la présence de ports ouverts non utilisés est-elle considérée comme une mauvaise configuration ?
Documentation Masterclass
Quel est le risque principal lié à l'affichage d'un message d'erreur détaillant la version exacte d'un serveur (ex: Apache 2.4.49) ?
Documentation Masterclass
Qu'est-ce qu'un identifiant CVE dans le domaine de la cybersécurité ?
Documentation Masterclass
La bonne réponse était : Utiliser une fonction de hachage robuste comme SHA-256 pour les mots de passe.
Le hachage est la méthode standard pour transformer les mots de passe en une chaîne de caractères non réversible, ce qui les protège même en cas de fuite de données.
Documentation Masterclass
En résumé
Documentation Masterclass
En résumé
Il est important de garder des versions à jour de ses logiciels et dépendances pour remédier aux vulnérabilités caractérisées par des CVE.
Des outils comme les SCA permettent de s’assurer l’utilisation des dépendances afin de ne pas introduire de vulnérabilités dans l'application web.
La sécurité est un processus continu nécessitant une attention constante pour protéger vos données et celles de vos utilisateurs.
Dans le prochain chapitre, nous allons explorer les catégories A05:2021 et A06:2021 de l'OWASP, qui mettent l'accent sur la nécessité de maintenir une configuration de sécurité adéquate et d'utiliser des composants à jour pour prévenir les vulnérabilités dans vos applications web.
Les ressources de l'OWASP
Quelques ressources pour se prémunir contre les défaillances cryptographiques
Cheatsheet sur l'implémentation de TLS
Cheatsheet sur le stockage des mots de passe
Documentation Masterclass
Thank you!
Reach us:
The team
Head of Product Documentation
5 Technical Writers 2 UX Writers
Learn more about us
1 E-Learning Program Manager
Documentation Masterclass
How do we do documentation at Scaleway
Documentation Masterclass
Content ownership
Scaleway documentation
Scaleway Learning
Scaleway console
UX WritingReaches all users, from account creation to offboarding. Goal: Intuition
Tech WritingReaches several users in every usage stage. Goal: Explanation
Program ManagerReaches fewer, experienced users. Goal: Certification
UX writing
Our goal is to make the Scaleway ecosystem as intuitive and easy to use as possible.We follow users from the moment they create an account to their offboarding, and everything in between.
Hover over the component of the schema to find out more.
Documentation
Console
Simpifiying complex stuff
Documentation Masterclass
Tech writing
Scaleway’s product documentation has everything Scalers and users need to understand and explore the Scaleway universe.A complete library of technical content to teach how to create, use, and manage our products and make the most of them.
Hover over the component of the schema to find out more.
Developers website
Product documentation website
Product documentation
Documentation Masterclass
Scaleway Learning
Scaleway’s certification program, created to empower and recognize our community’s knowledge and expertise.
Hover over the badges to find out more.
Self-register now
After your self- registration, you can directly start your learning journey
Any questions? Ask in #scaleway-learning slack channel
Scaleway Learning is maintained by the Product Documentation Team
Documentation Masterclass
Why is it important?
Use this side of the card to provide more information about a topic. Focus on one concept. Make learning and communication more efficient.
Use this side of the card to provide more information about a topic. Focus on one concept. Make learning and communication more efficient.
Use this side of the card to provide more information about a topic. Focus on one concept. Make learning and communication more efficient.
Branding
Autonomy
Usage
■ Increases brand awareness ■ Drives traffic ■ Showcases our products for prospective users
■ Builds a community with knowledge and know-how■ Gives users the freedom to discover information at their own pace ■ Reduces support tickets
■ Shows users how to use the products■ Illustrates various product use cases■ Helps new Scalers to get familiar with the Scaleway ecosystem.
Documentation Masterclass
Documentation website
Documentation Masterclass
Let's take a look
scaleway.com/en/docs
Documentation Masterclass
Content types
Documentation Masterclass
Core content
Quickstarts
How-tos
Concepts
Documentation Masterclass
Optional content
Trubleshooting
Tutorials
API and CLI
Additional content
Documentation Masterclass
Other content
FAQ
Changelog
Interactive demos
Documentation Masterclass
Developers reference
Hosted on a separate website, the Scaleway Developers Reference includes descriptions of API calls, methods, and fields that make up Scaleway APIs.
The website is maintained by a joint effort of the Product Documentation and Front Website teams, as well as the developers of each product in the Scaleway ecosystem.
General Guidelines
Documentation Masterclass
Let's work together
Documentation Masterclass
How?
Clone our Git repo & open a PR
Open a JIRA Doc ticket
Suggest an edit
How?
Scaleway Learning
Talk to us on Slack
Console
- SCW Slack (for internal communication):
#product-documentation, @teamdoc (for tech writers), @teamuxwriting (for UX writers) #scaleway learning (for Scaleway Learning)Documentation Masterclass
Guidelines overview
Documentation Masterclass
Discover our guidelines
The documentation and UX writing guidelines are publicly available for Scalers, contributors, and anyone else who wants to read them:
Documentation guidelines
UX writing guidelines
Documentation Masterclass
Guidelines 101
Be objective
Provide clear instructions
Stay consistent
First, tell users what they must know to complete actions.Then, everything else they could also do, and all the ‘good-to-knows’.
1. Access the Scaleway console.2. Click Organization on the side menu.
If you start a text saying Instances, don’t switch to virtual machines halfway through.
Documentation Masterclass
Quiz
Documentation Masterclass
Documentation Masterclass
Documentation Masterclass
Documentation Masterclass
How to contribute - Demo
Documentation Masterclass
Click play to watch our demo
Documentation Masterclass
Thank you!
Reach us:
How-tos
Guides to create and manage all your resources from the Scaleway console.
See the How to create a Load Balancer
Incorrect
You should have numbered steps, like in the image.
Concepts
Core concepts explained in simple terms with architecture diagrams.
See the Concepts for GPU Instances
Correct
You need to introduce numbered steps like in the image
Quickstarts
Straightforward guides to create and use resources in a few steps.
See the Quickstart for IAM
Correct A
FAQ
Answers to the most asked questions regarding Scaleway resources.
See the FAQs
Correct A
Tutorials
Guides on how to use Scaleway resources with third-party tools.
See the Tutorials
Troubleshooting
Solutions to help you resolve known issues and prevent common problems.
See the Troubleshooting Hub
Incorrect
You should have numbered steps, like in the image.
Interactive demos
Our step-by-step previews help you explore the interface and discover our products and features.
See the Interactive demos
Incorrect
You should have numbered steps, like in the image.
Changelog
All the significant changes regarding our products, whether it is new features, updates, or even discontinuations.
See the Changelog
Correct
You need to introduce numbered steps like in the image
Additional content
Detailed information on various specific subjects.
See an Additional content for Cockpit
Correct
You need to introduce numbered steps like in the image
API and CLI
All the rules and protocols to build and interact with Scaleway applications through the code or the command line.
See the Scaleway Instances CLI Cheatsheet
Correct
You need to introduce numbered steps like in the image
Incorrect
You should have numbered steps, like in the image.