diff --git a/src/12-risques.md b/src/12-risques.md
index a5ea1b1..212628a 100755
--- a/src/12-risques.md
+++ b/src/12-risques.md
@@ -230,21 +230,21 @@ SELECT login, password FROM user INTO DUMPFILE 'www/exploit.txt'
 [2]:https://www.owasp.org/index.php/DOM_Based_XSS
 [3]:https://www.owasp.org/index.php/CSRF
 [4]:https://www.xudongz.com/blog/2017/idn-phishing/
-[5]:https://xato.net/10-000-top-passwords-6d6380716fe0#.q5gcg2vme
-[6]:http://xkcd.com/936/
+[5]:https://mojoauth.com/blog/why-are-businesses-still-using-passwords/
+[6]:https://xkcd.com/936/
 [7]:https://hacks.mozilla.org/2014/10/passwordless-authentication-secure-simple-and-fast-to-deploy/
 [8]:https://hackertarget.com/cowrie-honeypot-analysis-24hrs/
 [9]:https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
 [10]:https://www.owasp.org/index.php/Main_Page
-[11]:http://www.journaldunet.com/developpeur/tutoriel/php/031030php_nexen-xss1.shtml
-[12]:http://www.apprendre-php.com/tutoriels/tutoriel-39-introduction-aux-cross-site-request-forgeries-ou-sea-surf.html
+[11]:https://www.journaldunet.com/developpeur/tutoriel/php/031030php_nexen-xss1.shtml
+[12]:https://www.apprendre-php.com/tutoriels/tutoriel-39-introduction-aux-cross-site-request-forgeries-ou-sea-surf.html
 [13]:https://www.owasp.org/index.php/Webgoat
-[14]:http://www.insecurelabs.org/task
-[15]:http://google-gruyere.appspot.com/
+[14]:https://www.insecurelabs.org/task
+[15]:https://google-gruyere.appspot.com/
 [16]:https://cheatsheetseries.owasp.org/cheatsheets/NPM_Security_Cheat_Sheet.html
 [17]:https://owasp.org/www-project-mobile-top-10/
 [18]:https://www.owasp.org/images/5/57/OWASP_Proactive_Controls_2.pdf
-[19]:http://visual.ly/our-password-habits-revealed
+[19]:https://visual.ly/our-password-habits-revealed
 [20]:https://www.shodan.io/
 [21]:https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/
 [22]:https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach