WebApp Sec: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

431 messages starting Jan 30 06 and ending Jan 19 06
Date index | Thread index | Author index

Ace123

Who's afraid of Mallory Wolf? Ace123 (Jan 30)

Adam Tuliper

Re: get network user name Adam Tuliper (Mar 09)

Alan Murphy

RE: HTTP proxy/redirector to a unique virtual host .... Alan Murphy (Mar 16)

Alberto Paris

HTTP proxy/redirector to a unique virtual host .... Alberto Paris (Mar 15)

Alice Bryson

Re: Web Application Security Contest-Winner Alice Bryson (Feb 28)

Aman Raheja

Re: MSIE session cookies Aman Raheja (Jan 21)
Re: Cross Site Cooking Aman Raheja (Jan 31)
Re: #include file tag in HTML: possible issues? Aman Raheja (Jan 15)

Amit Klein (AKsecurity)

Re: [WEB SECURITY] XST Amit Klein (AKsecurity) (Mar 21)
WebAppSec appends advertisements to mailing list messages?! Amit Klein (AKsecurity) (Jan 06)
RE: Cross Site Cooking Amit Klein (AKsecurity) (Jan 29)
ERRATA: Re: [WEB SECURITY] XST Amit Klein (AKsecurity) (Mar 21)
Technical Note by Amit Klein: "XST Strikes Back" Amit Klein (AKsecurity) (Jan 24)
Whitepaper by Amit Klein: "HTTP Response Smuggling" Amit Klein (AKsecurity) (Feb 20)
Technical Note by Amit Klein: "Path Insecurity" Amit Klein (AKsecurity) (Mar 01)

Andre Maisonneuve

RE: [WEB SECURITY] Online Certificate of Authority Andre Maisonneuve (Mar 29)
RE: [WEB SECURITY] How to Create Secure Web Applications withStruts Andre Maisonneuve (Mar 22)
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts Andre Maisonneuve (Mar 21)

Andres Molinetti

Server Identification Andres Molinetti (Mar 23)

Andrew Chong

RE: applet security Andrew Chong (Jan 09)
RE: Re: applet security Andrew Chong (Jan 12)

Andrew van der Stock

(Melbourne, Australia) SecureCon 2006 Andrew van der Stock (Jan 30)
Paper: Domain contamination by Amit Klein Andrew van der Stock (Feb 16)
Re: [SPAM] Re: SF new column announcement: How not to respond to a security advisory Andrew van der Stock (Jan 19)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
Fwd: SF new column announcement: How not to respond to a security advisory Andrew van der Stock (Jan 18)
OWASP February Meetings Andrew van der Stock (Jan 30)
Administrivia: Friday 31st March - Limited moderation, and cross-posting Andrew van der Stock (Mar 28)
Administrivia: Adverts Andrew van der Stock (Jan 10)
SF new article announcement - Malicious Malware: attacking the attackers, part 1 Andrew van der Stock (Jan 31)
SF article announcement: Patching a broken Windows Andrew van der Stock (Jan 09)
Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Andrew van der Stock (Jan 27)
SF new column annoucement: The value of vulnerabilities Andrew van der Stock (Mar 07)
Administrivia: Faulty censorware and faulty anti-virus software Andrew van der Stock (Jan 19)
SF new column announcement: Strict liability for data breaches? Andrew van der Stock (Feb 20)
Fwd: SF new column announcement: The big DRM mistake Andrew van der Stock (Mar 01)
Re: AJAX and Web application scanners Andrew van der Stock (Mar 29)
Re: [WEB SECURITY] SSL does not = a secure website Andrew van der Stock (Mar 28)
Fwd: SF new column announcement: Privacy and anonymity Andrew van der Stock (Feb 16)
Re: Who's afraid of Mallory Wolf? Andrew van der Stock (Jan 30)
On sandboxes, and why I ... don't care. Andrew van der Stock (Mar 29)
SF new interview announcement: Open source security testing methodology Andrew van der Stock (Mar 29)
Java integer overflows (was: a really long topic) Andrew van der Stock (Mar 28)
SF new article announcement: Nmap 4.00 with Fyodor Andrew van der Stock (Feb 03)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Andrew van der Stock (Mar 28)
Administrivia: Good news, everyone. Adverts are now distinct Andrew van der Stock (Jan 11)
Consolidated OWASP Meetings for March Andrew van der Stock (Mar 02)
Fwd: SF new article announcement - Malicious Malware: attacking the attackers, part 2 Andrew van der Stock (Feb 02)
Ajax Security Presentation from OWASP Melbourne Feb Meeting Andrew van der Stock (Feb 07)

Anthony Ettinger

common practices of cleaning user input Anthony Ettinger (Mar 23)

arian.evans

XSS testing & general webapp testing on my hosted apps arian.evans (Mar 10)
RE: Crawl And interpret Flash files redux arian.evans (Feb 18)
RE: FW: Tools comparison and evaluation question (AppScan) arian.evans (Feb 18)
RE: Crawl And interpret Flash files redux arian.evans (Feb 21)
RE: (OWASP Web App Tool Project) Tools comparison and evaluation question (AppScan) arian.evans (Feb 18)
RE: Tools comparison and evaluation question (AppScan) arian.evans (Feb 17)
RE: Crawl And interpret Flash files arian.evans (Feb 16)

Auri Rahimzadeh

RE: get network user name Auri Rahimzadeh (Mar 09)

Bill Pennington

Re: [WEB SECURITY] SSL does not = a secure website Bill Pennington (Mar 28)

Brian Eaton

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)
Re: [WEB SECURITY] SSL does not = a secure website Brian Eaton (Mar 28)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 25)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)
Re: [WEB SECURITY] SSL does not = a secure website Brian Eaton (Mar 29)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 27)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 29)

Brokken, Allen P.

FW: Publication of Vulnerabilities in Vendor Code Brokken, Allen P. (Mar 10)
RE: FW: Tools comparison and evaluation question (AppScan) Brokken, Allen P. (Feb 17)

Bryan Murphy

Re: [WEB SECURITY] Server Identification Bryan Murphy (Mar 23)

bugtraq

SQL Injecting RFID Readers bugtraq (Mar 16)
Defacing Groups using PHP Include Attacks as Vector bugtraq (Jan 09)
U.S. Objects to Snort Purchase by Israel-Based Check Point bugtraq (Mar 03)
How to Create Secure Web Applications with Struts bugtraq (Mar 19)
Oracle in war of words with security researcher bugtraq (Jan 26)

Burke, Charles

FW: Tools comparison and evaluation question (AppScan) Burke, Charles (Feb 17)
RE: Tools comparison and evaluation question (AppScan) Burke, Charles (Feb 17)

Byron Sonne

Re: [SPAM] Re: SF new column announcement: How not to respond to a security advisory Byron Sonne (Jan 19)
Re: Oracle in war of words with security researcher Byron Sonne (Jan 27)
Re: [SPAM] Re: SF new column announcement: How not to respond to a security advisory Byron Sonne (Jan 19)

Charles Miller

Re: MD5 math question Charles Miller (Jan 06)
Re: Felony For Refreshing A Web Page Charles Miller (Jan 08)
Re: MD5 math question Charles Miller (Jan 05)

Christopher Kunz

Re: PHP based defacing tool usage continue to rise Christopher Kunz (Feb 03)
Re: PHP based defacing tool usage continue to rise Christopher Kunz (Jan 30)
Re: Mambo File Inclusion Attacks Christopher Kunz (Jan 15)

Chris Varenhorst

Livejournal opens unoffical XSS security challenge Chris Varenhorst (Jan 31)
Re: MD5 math question Chris Varenhorst (Jan 03)

Chuck

Re: sql comment in access Chuck (Jan 22)
Re: FW: RE: MD5 math question Chuck (Jan 06)

Clement Dupuis

RE: WebAppSec appends advertisements to mailing list messages?! Clement Dupuis (Jan 10)

contact

Announcement: The Web Application Firewall Evaluation Criteria v1 Released contact (Jan 17)
Announcement: Domain Contamination By Amit Klein contact (Feb 06)
Announcement: The Web Hacking Incidents Database contact (Mar 27)
Announcement: WASC Threat Classification in German contact (Mar 06)
Paros 3.2.9 release contact (Jan 15)

Damhuis Anton

RE: Web App Traps (custom IDS) Damhuis Anton (Jan 09)
RE: Writing to a local file without a warning Damhuis Anton (Mar 29)

Dave Wichers

Preliminary Announcement: 2006 European OWASP AppSec Conference - May 30-31, 2006 near Brussels Dave Wichers (Jan 14)
OWASP AppSec Europe 2006 Agenda Posted Dave Wichers (Mar 05)
Update on: 2006 European OWASP AppSec Conference - May 30-31, 2006 near Brussels Dave Wichers (Jan 23)
Reminder: 2006 European OWASP AppSec Conference - May 30-31, 2006 near Brussels Dave Wichers (Mar 21)
Call For Papers: 2006 OWASP AppSec Europe Conference Dave Wichers (Jan 13)

david_allouch

Re: RE: RE: Tools comparison and evaluation question (AppScan) david_allouch (Mar 22)

David Munge

RE: FW: Tools comparison and evaluation question (AppScan) David Munge (Feb 17)

davidribyrne

Re: HTTP proxy/redirector to a unique virtual host .... davidribyrne (Mar 16)

Dean H. Saxe

Re: applet security Dean H. Saxe (Jan 09)
Re: Web Application Security Contest - New Procedure Dean H. Saxe (Jan 20)

Debasis Mohanty

Article: "Security Testing Demystified" Debasis Mohanty (Jan 18)
w3wp remote DoS Debasis Mohanty (Mar 22)

Deb Hale

RE: [WEB SECURITY] Server Identification Deb Hale (Mar 23)

Dhruv Soi

Re: Fortify Source Code Auditing Suite and the like Dhruv Soi (Feb 17)

Dimitris Petropoulos

RE: SSL Ciphers Dimitris Petropoulos (Mar 31)

Dinis Cruz

[Full-disclosure] Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 28)
Re: benchmarking the web app scanners Dinis Cruz (Jan 23)
Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 27)
Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 28)
(SiteGenerator) re: benchmarking the web app scanners Dinis Cruz (Jan 22)
Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 28)
On sandboxes, and why you should care Dinis Cruz (Mar 30)
Owasp SiteGenerator v0.70 (public beta release) Dinis Cruz (Mar 28)
[Full-disclosure] Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 28)
Request for licence to help in Owasp's SiteGenerator Development Dinis Cruz (Mar 28)
4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 25)

Dominick LaTrappe

Call for Participation: HOPE#6, July 21-23 Dominick LaTrappe (Mar 17)

dontbugme

Re: Re: notice: mambo scanner dontbugme (Jan 17)

dp

Re: Virtual IP addresses dp (Feb 22)
Re: Crawl And interpret Flash files redux dp (Feb 20)
Re: A study in Application Based Intrusion Detection dp (Mar 15)

dpw

RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability dpw (Jan 11)

Dragos Ruiu

CanSecWest/core06 Vancouver April 3-7 Dragos Ruiu (Mar 08)
EUSecWest papers and CanSecWest CFP Dragos Ruiu (Jan 15)

D . Snezhkov

Re: FW: Publication of Vulnerabilities in Vendor Code D . Snezhkov (Mar 10)

Ebeling, Jr., Herman Frederick

RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 07)
RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 07)
RE: Felony For Refreshing A Web Page Ebeling, Jr., Herman Frederick (Jan 08)

Eliah Kagan

Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) Eliah Kagan (Mar 28)
Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic) Eliah Kagan (Mar 28)

Eoin

OWASP chapter meeting Dublin 20th March. Eoin (Mar 01)
Re: Java integer overflows (was: a really long topic) Eoin (Mar 29)

Eric Swanson

RE: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Eric Swanson (Mar 27)

Erwan Legrand

Re: Cross Site Cooking Erwan Legrand (Jan 31)
Re: Who's afraid of Mallory Wolf? Erwan Legrand (Jan 31)

Erwin Geirnaert

RE: FW: Tools comparison and evaluation question (AppScan) Erwin Geirnaert (Feb 17)

Evans, Arian

RE: Cross Site Cooking Evans, Arian (Jan 31)
BlackHat AMS & SQL Injection Evans, Arian (Feb 15)
RE: AJAX and Web application scanners Evans, Arian (Mar 28)
AMD web forums trojaned by WMF exploit Evans, Arian (Jan 31)

Evert Collab

Re: [WEB SECURITY] SSL does not = a secure website Evert Collab (Mar 29)

exon

Re: MD5 math question exon (Jan 06)
Re: Felony For Refreshing A Web Page exon (Jan 07)
Re: Felony For Refreshing A Web Page exon (Jan 07)
Re: MD5 math question exon (Jan 07)
Re: MD5 math question exon (Jan 06)

foo

Re: Virtual IP addresses foo (Feb 22)

Francois Larouche

Official release of SQL Power Injector v1.0 Francois Larouche (Feb 15)

Frank Heyne

Writing to a local file without a warning Frank Heyne (Mar 28)
Re: Writing to a local file without a warning Frank Heyne (Mar 29)

Frank Piessens

Call For Papers: 2006 OWASP AppSec Europe Conference Frank Piessens (Feb 08)

Frederic Charpentier

XST Frederic Charpentier (Mar 21)

Gavin, Michael

RE: RE: Tools comparison and evaluation question (AppScan) Gavin, Michael (Feb 19)

Geoffrey

Re: [WEB SECURITY] Online Certificate of Authority Geoffrey (Mar 29)

George Capehart

Re: [WEB SECURITY] How to Create Secure Web Applications with Struts George Capehart (Mar 21)

Georgi Alexandrov

Re: Suggestion: email anti-spoof measure on web site Georgi Alexandrov (Jan 23)

Gervase Markham

Re: [WEB SECURITY] SSL does not = a secure website Gervase Markham (Mar 29)

Giuseppe DELL'ERBA

RE: #include file tag in HTML: possible issues? Giuseppe DELL'ERBA (Jan 20)
#include file tag in HTML: possible issues? Giuseppe DELL'ERBA (Jan 14)
RE: #include file tag in HTML: possible issues? Giuseppe DELL'ERBA (Jan 17)

Griffiths, Ian

RE: Writing to a local file without a warning Griffiths, Ian (Mar 28)

Hall, Carl

RE: Please Review a Diffie Hellman diagram Hall, Carl (Jan 09)
RE: Please Review a Diffie Hellman diagram Hall, Carl (Jan 10)

Hemil

Re: Virtual IP addresses Hemil (Feb 23)
net-square tools release announcement:MSNPawn Hemil (Jan 12)

Ivan Ristic

Re: Technical Note by Amit Klein: "XST Strikes Back" Ivan Ristic (Jan 26)

JAMES N. BARBIERI

RE: [WEB SECURITY] How to Create Secure Web Applications with Struts JAMES N. BARBIERI (Mar 22)

James Strassburg

RE: [WEB SECURITY] SSL does not = a secure website James Strassburg (Mar 28)

James Walden

Static vs Dynamic Analysis (was RE: AJAX and Web application scanners) James Walden (Mar 29)

Jamie Lawrence

Re: [WEB SECURITY] Free tool to analyse and post http request Jamie Lawrence (Mar 23)

Jason

Re: Web App Traps (custom IDS) Jason (Jan 09)

Jason Coombs

Re: Felony For Refreshing A Web Page Jason Coombs (Jan 07)

Jason Gregson

RE: WebAppSec appends advertisements to mailing list messages?! Jason Gregson (Jan 10)

Jason Murray

Re: Please Review a Diffie Hellman diagram Jason Murray (Jan 08)

Jean-Jacques Halans

Re: Hacking With The Google Search Engine Jean-Jacques Halans (Jan 17)
Re: MSIE session cookies Jean-Jacques Halans (Jan 19)

Jeff Gercken

RE: HTTP proxy/redirector to a unique virtual host .... Jeff Gercken (Mar 17)

Jeff Moss

Black Hat Call for Papers and Registration now open Jeff Moss (Mar 31)
DEF CON 14 is now in effect! The Call for Papers is open. Jeff Moss (Feb 22)
Black Hat USA CFP opens, Europe early bird reminder, Federal news Jeff Moss (Feb 02)

Jeff Robertson

RE: MD5 math question Jeff Robertson (Jan 07)
MD5 math question Jeff Robertson (Jan 03)
RE: AJAX and Web application scanners Jeff Robertson (Mar 29)
RE: applet security Jeff Robertson (Jan 09)

Jeff Williams

RE: HttpOnly and J2EE containers Jeff Williams (Feb 17)
Re: 4 Questions: Latest IE vulnerability,Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code Jeff Williams (Mar 28)
RE: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Jeff Williams (Mar 27)
RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Jeff Williams (Mar 25)

Jeremy Bellwood

RE: [WEB SECURITY] SSL does not = a secure website Jeremy Bellwood (Mar 28)

Jim Geovedi

BCS Asia 2006 - Call for Papers Jim Geovedi (Feb 17)

Joe Ciechanowski

Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IEvulnerability, Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Joe Ciechanowski (Mar 31)

Joe White

RE: FW: Tools comparison and evaluation question (AppScan) Joe White (Feb 17)

John Bond

Re: sql comment in access John Bond (Jan 23)
Re: MSIE session cookies John Bond (Jan 19)
Re: sql comment in access John Bond (Jan 23)
Re: MSIE session cookies John Bond (Jan 19)
get network user name John Bond (Mar 09)
Re: MSIE session cookies John Bond (Jan 19)
Re: MSIE session cookies John Bond (Jan 20)
Re: MSIE session cookies John Bond (Jan 19)
MSIE session cookies John Bond (Jan 18)
Re: get network user name John Bond (Mar 10)

john-secfocus

Re: Cross Site Cooking john-secfocus (Jan 31)

John . T . Burkhart

Re: HTTP proxy/redirector to a unique virtual host .... John . T . Burkhart (Mar 16)

Jon Hart

Re: #include file tag in HTML: possible issues? Jon Hart (Jan 17)
Re: Virtual IP addresses Jon Hart (Feb 22)

Josh

Re: get network user name Josh (Mar 09)
Re: get network user name Josh (Mar 09)
Re: get network user name Josh (Mar 11)

Joshua Perrymon

Virtual IP addresses Joshua Perrymon (Feb 22)

kaskasi

Re: Re: PHP based defacing tool usage continue to rise kaskasi (Feb 06)

Kevin Johnson

Re: Server Identification Kevin Johnson (Mar 24)

KF (lists)

Re: [Full-disclosure] Java integer overflows (was: a really long topic) KF (lists) (Mar 30)

King, Stuart (REHQ-LON)

RE: Tools comparison and evaluation question (AppScan) King, Stuart (REHQ-LON) (Feb 17)

kp

A study in Application Based Intrusion Detection kp (Mar 15)
Re: A study in Application Based Intrusion Detection kp (Mar 15)

Kris Kahn

Re: Offtopic: Guidelines for Safe Internet brownsing for minors Kris Kahn (Mar 25)

Kurt Seifried

[SPAM] Re: [SPAM] Re: SF new column announcement: How not to respond to a security advisory Kurt Seifried (Jan 19)
[SPAM] Re: SF new column announcement: How not to respond to a security advisory Kurt Seifried (Jan 19)

Kyle Maxwell

Re: FW: Publication of Vulnerabilities in Vendor Code Kyle Maxwell (Mar 10)

Labe Grzegorz DRS-BSI Centrala

RE: MSIE session cookies Labe Grzegorz DRS-BSI Centrala (Jan 19)

lakewood1 () copper net

Re: Felony For Refreshing A Web Page lakewood1 () copper net (Jan 09)

Lance James

Re: [DCC SPAM] Hacking With The Google Search Engine Lance James (Jan 17)

leighm

Re: FW: Publication of Vulnerabilities in Vendor Code leighm (Mar 10)

Luciano Miguel Ferreira Rocha

Re: HTTP proxy/redirector to a unique virtual host .... Luciano Miguel Ferreira Rocha (Mar 16)

Lucien Fransman

Re: Tools comparison and evaluation question (AppScan) Lucien Fransman (Feb 17)

Lyal Collins

RE: [WEB SECURITY] SSL does not = a secure website Lyal Collins (Mar 29)

ma . huijuan

Re: Re: Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 19)
Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 18)

Mark Atherton

RE: sql comment in access Mark Atherton (Jan 23)

Mark Curphey

Update on OWASP London Next Week Mark Curphey (Mar 01)
London next week for some Naked Application Security ? Mark Curphey (Feb 28)

Mark Mcdonald

RE: [WEB SECURITY] SSL does not = a secure website Mark Mcdonald (Mar 28)

Mark Ryan del Moral Talabis

PHP based defacing tool usage continue to rise Mark Ryan del Moral Talabis (Jan 30)
Web attacks, phpBB mass-hack and the PHP Honeypot Project Mark Ryan del Moral Talabis (Mar 22)
Re: PHP based defacing tool usage continue to rise Mark Ryan del Moral Talabis (Jan 31)
Awstats and XMLRPC for PHP attacks Mark Ryan del Moral Talabis (Jan 08)
Re: Mambo File Inclusion Attacks Mark Ryan del Moral Talabis (Jan 17)
Mambo File Inclusion Attacks Mark Ryan del Moral Talabis (Jan 15)

Markus Vervier

Re: Re: [SPAM] Re: SF new column announcement: How not to respond to a security advisory Markus Vervier (Jan 21)

Matt Fisher

RE: Hacking With The Google Search Engine Matt Fisher (Jan 17)

Matthieu

Re: XSS online tester Matthieu (Jan 12)
XSS online tester Matthieu (Jan 11)

Matt Schmotzer

RE: [WEB SECURITY] Server Identification Matt Schmotzer (Mar 23)

Meder Kydyraliev

Re: Web App Traps (custom IDS) Meder Kydyraliev (Jan 09)
Web App Traps (custom IDS) Meder Kydyraliev (Jan 08)

Michael Silk

Re: applet security Michael Silk (Jan 11)

michaelslists

Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
Re: Java integer overflows (was: a really long topic) michaelslists (Mar 28)
Re: [WEB SECURITY] SSL does not = a secure website michaelslists (Mar 28)
[Full-disclosure] Re: Java integer overflows (was: a really longtopic) michaelslists (Mar 28)
Re: [WEB SECURITY] SSL does not = a secure website michaelslists (Mar 28)
Re: [Full-disclosure] Re: [Owasp-dotnet] Re: 4 Questions: Latest IEvulnerability, Firefox vs IE security, Uservs Admin risk profile,and browsers coded in100% Managed Verifiable code michaelslists (Mar 29)
Re: [WEB SECURITY] SSL does not = a secure website michaelslists (Mar 28)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
Re: On sandboxes, and why I ... don't care. michaelslists (Mar 30)
Re: [Owasp-dotnet] Re: 4 Questions: Latest IE vulnerability,Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code michaelslists (Mar 29)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code michaelslists (Mar 28)
Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic) michaelslists (Mar 28)

Michal Zalewski

Cross Site Cooking Michal Zalewski (Jan 28)
Re: Cross Site Cooking Michal Zalewski (Feb 02)
RE: Cross Site Cooking Michal Zalewski (Jan 30)
Re: Cross Site Cooking Michal Zalewski (Jan 31)

mike

Re: Dubious -- New firefox master password cracker and firefox signon password decryptor...!!! mike (Jan 01)
Re: Re: Re: Suggestion: email anti-spoof measure on web site mike (Jan 20)
Re: Suggestion: email anti-spoof measure on web site mike (Jan 19)

mr . dan . friedman

Re: RE: Tools comparison and evaluation question (AppScan) mr . dan . friedman (Feb 19)

Mrinal Biswas

RE: Please Review a Diffie Hellman diagram Mrinal Biswas (Jan 09)

Navroz Shariff

RE: MD5 math question Navroz Shariff (Jan 04)

Nick Owen

Re: [WEB SECURITY] SSL does not = a secure website Nick Owen (Mar 28)

oc . rynning . no

Re: Securing Tomcat oc . rynning . no (Jan 06)

ol

Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L]4 Questions: Latest IE vulnerability, Firefox vs IE security,Uservs Admin risk profile,and browsers coded in 100% Managed Verifiable code ol (Mar 27)

organiser () syscan org

Call For Paper - SyScan'06 Singapore organiser () syscan org (Jan 24)
SyScan'06 Call For Papers organiser () syscan org (Mar 05)

Ory Segal

RE: WebAppSec appends advertisements to mailing list messages?! Ory Segal (Jan 10)

owaspflorida

New OWAP Florida Chapter! owaspflorida (Feb 18)

pagvac

SSL Ciphers pagvac (Mar 30)
Purple Paper: Exegesis Of Virtual Hosts Hacking pagvac (Mar 09)

Paul Laudanski

Re: [DCC SPAM] Hacking With The Google Search Engine Paul Laudanski (Jan 19)
RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski (Jan 11)
Hacking With The Google Search Engine Paul Laudanski (Jan 15)
PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski (Jan 11)
Re: PayPal Phishing Site Exploits Google XSS Vulnerability Paul Laudanski (Jan 11)

Paul Schmehl

Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Paul Schmehl (Jan 27)

Paul Wong

Re: Virtual IP addresses Paul Wong (Feb 23)

Pavel Kankovsky

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 28)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 28)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefoxvs IE security, User vs Admin risk profile, and browsers coded in 100%Managed Verifiable code Pavel Kankovsky (Mar 28)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 27)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 27)

Peine,Holger

RE: Tools comparison and evaluation question (AppScan) Peine,Holger (Feb 17)

Pete Herzog

Event Speaker Pete Herzog (Feb 23)
OSSTMM Security Analyst Training Live Stream on the Web Pete Herzog (Mar 29)

Peter Conrad

Re: WebAppSec appends advertisements to mailing list messages?! Peter Conrad (Jan 10)
Re: WebAppSec appends advertisements to mailing list messages?! Peter Conrad (Jan 10)

Peter Parker

Re: [Announcement] Security Certification for Applications Peter Parker (Feb 27)

Peter Watkins

Re: Referer/302 behavior [WEB SECURITY] Web Hacking... PayPal Phishing ... Google redirect Peter Watkins (Jan 31)

Peter Wood

Re: FW: Tools comparison and evaluation question (AppScan) Peter Wood (Feb 17)

Pilon Mntry

HttpOnly and J2EE containers Pilon Mntry (Feb 15)
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Pilon Mntry (Mar 22)
Re: Firefox, Netcraft Toolbar, and FlashBlock Pilon Mntry (Feb 16)
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Pilon Mntry (Mar 21)
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pilon Mntry (Mar 27)
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Pilon Mntry (Mar 21)
RE: HttpOnly and J2EE containers Pilon Mntry (Feb 20)

PPowenski

RE: [WEB SECURITY] SSL does not = a secure website PPowenski (Mar 29)
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts PPowenski (Mar 22)

Praburaajan

HITBSecConf2005 Videos Released ! Praburaajan (Jan 19)
HITBSecConf2006 - Malaysia: Call for Papers Praburaajan (Mar 04)

rajeshdilli

Re: RE: AJAX and Web application scanners rajeshdilli (Mar 28)
AJAX and Web application scanners rajeshdilli (Mar 27)

Ratna Kumar

Re: Tools comparison and evaluation question (AppScan) Ratna Kumar (Feb 17)

Richard M. Smith

RE: applet security Richard M. Smith (Jan 10)
RE: MSIE session cookies Richard M. Smith (Jan 19)
RE: MSIE session cookies Richard M. Smith (Jan 19)
RE: MSIE session cookies Richard M. Smith (Jan 19)
RE: MSIE session cookies Richard M. Smith (Jan 19)

Richard St John

Re: [WEB SECURITY] SSL does not = a secure website Richard St John (Mar 28)

robert

Re: Oracle in war of words with security researcher robert (Jan 27)

Robin Wood

Re: sql comment in access Robin Wood (Jan 23)
sql comment in access Robin Wood (Jan 21)
sql comment in access Robin Wood (Jan 20)

Rogan Dawes

Re: AJAX and Web application scanners Rogan Dawes (Mar 28)
Re: Crawl And interpret Flash files Rogan Dawes (Feb 15)
Request for beta-testers: WebScarab Rogan Dawes (Jan 23)

Roshen Chandran

[Announcement] Security Certification for Applications Roshen Chandran (Feb 26)

RSnake

RE: [WEB SECURITY] Web Hacking Incident: PayPal Phishing Site Exploits Google XSS Vulnerability RSnake (Jan 11)
Re: Redirection obfuscation in FF and NS RSnake (Mar 20)
Redirection obfuscation in FF and NS RSnake (Mar 20)

Rui Pereira (WCG)

RE: Tools comparison and evaluation question (AppScan) Rui Pereira (WCG) (Feb 17)

Rusty Bug

Re: Web Application Security Contest-Winner Rusty Bug (Feb 27)

Ryan Barnett

Re: [WEB SECURITY] SSL does not = a secure website Ryan Barnett (Mar 29)

Ryan McGeehan

Re: Hacking With The Google Search Engine Ryan McGeehan (Jan 17)

Sandeep Shetty

Re: XSS online tester Sandeep Shetty (Jan 13)

Sanjay Rawat

RE: Please Review a Diffie Hellman diagram Sanjay Rawat (Jan 09)
Re: Please Review a Diffie Hellman diagram Sanjay Rawat (Jan 09)

Saqib Ali

Offtopic: Guidelines for Safe Internet brownsing for minors Saqib Ali (Mar 24)
Please Review a Diffie Hellman diagram Saqib Ali (Jan 07)
Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)
Crimeware coverage by Scientific American Saqib Ali (Mar 03)
Re: Redirection obfuscation in FF and NS Saqib Ali (Mar 20)
Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IEvulnerability, Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Saqib Ali (Mar 31)
VMware moves to free with Server product Saqib Ali (Feb 03)
Re: Firefox, Netcraft Toolbar, and FlashBlock Saqib Ali (Feb 17)
Re: Please Review a Diffie Hellman diagram Saqib Ali (Jan 10)
Re: Please Review a Diffie Hellman diagram Saqib Ali (Jan 10)
Re: Please Review a Diffie Hellman diagram Saqib Ali (Jan 14)
Firefox, Netcraft Toolbar, and FlashBlock Saqib Ali (Feb 16)

Sasha Romanosky

RE: FW: Publication of Vulnerabilities in Vendor Code Sasha Romanosky (Mar 11)

Schmidt, Albert E

Interesting University Security Weakness Schmidt, Albert E (Mar 20)

Scott Hamm

Re: MSIE session cookies Scott Hamm (Jan 19)

Sebastien Deleersnyder

RE: [WEB SECURITY] SSL does not = a secure website Sebastien Deleersnyder (Mar 28)
RE: MSIE session cookies Sebastien Deleersnyder (Jan 19)

Serg B.

Re: Tools comparison and evaluation question (AppScan) Serg B. (Feb 17)
Re: FW: Tools comparison and evaluation question (AppScan) Serg B. (Feb 17)

Serg Belokamen

Tools comparison and evaluation question (AppScan) Serg Belokamen (Feb 16)

shwaya

Re: PayPal Phishing Site Exploits Google XSS Vulnerability shwaya (Jan 12)

Simon Roberts

Re: [Full-disclosure] Java integer overflows (was: a really long topic) Simon Roberts (Mar 29)

spammailme

Fortify Source Code Auditing Suite and the like spammailme (Feb 17)

Stelian Ene

Re: PayPal Phishing Site Exploits Google XSS Vulnerability Stelian Ene (Jan 11)

Stephen de Vries

A Modular Approach to Data Validation in Web Applications Stephen de Vries (Mar 27)
Re: On sandboxes, and why you should care Stephen de Vries (Mar 31)
Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Stephen de Vries (Mar 27)
Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Stephen de Vries (Mar 29)
Mac OS X packages of proxy tools Stephen de Vries (Jan 06)
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Stephen de Vries (Mar 21)
Re: Securing Tomcat Stephen de Vries (Jan 09)
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts Stephen de Vries (Mar 20)

Steve Barnet

Re: applet security Steve Barnet (Jan 12)

steven_debough

Marking Session IDs as Secure in IIS 6.0 steven_debough (Mar 16)

Steven Rebello

Re: SF new article announcement - Malicious Malware: attacking the attackers, part 1 Steven Rebello (Jan 31)

sthalkidis

Re: Re: Re: Web Application Security Contest - New Procedure sthalkidis (Jan 22)
Security Patterns Application Security Contest sthalkidis (Jan 21)
Web Application Security Contest - Vulnerabilities sthalkidis (Mar 14)
Re: Re: Web Application Security Contest - New Procedure sthalkidis (Jan 21)
Web Application Security Contest-Winner sthalkidis (Feb 22)
Re: Re: Re: Re: Web Application Security Contest - New Procedure sthalkidis (Jan 24)
Web Application Security Contest - New Procedure sthalkidis (Jan 20)
Web Application Security Contest - One week left sthalkidis (Feb 15)

Talwar, Mansi

RE: Tools comparison and evaluation question (AppScan) Talwar, Mansi (Feb 17)

Tate Hansen

RE: AJAX and Web application scanners Tate Hansen (Mar 28)

tester

Crawl And interpret Flash files tester (Feb 15)

test . future

applet security test . future (Jan 09)
Re: applet security test . future (Jan 11)
web-based risk management tool in SDLC test . future (Feb 15)
Re: Re: applet security test . future (Jan 12)
Re: Re: applet security test . future (Jan 12)

Thomas Chiverton

Re: HTTP proxy/redirector to a unique virtual host .... Thomas Chiverton (Mar 16)

thomas.jones

RE: AJAX and Web application scanners thomas.jones (Mar 28)
benchmarking the web app scanners thomas.jones (Jan 20)
SSL does not = secure web site thomas.jones (Mar 28)

thomas springer

Re: Virtual IP addresses thomas springer (Feb 22)

Tim

Re: MD5 math question Tim (Jan 07)
Re: MD5 math question Tim (Jan 03)
Re: MD5 math question Tim (Jan 07)
Re: MD5 math question Tim (Jan 06)

Tim Hollebeek

RE: [Full-disclosure] Java integer overflows (was: a really long topic) Tim Hollebeek (Mar 30)

tim . m . james

Memo: Re: MD5 math question tim . m . james (Jan 04)
Memo: Re: MD5 math question tim . m . james (Jan 06)

tlmacgi

Re: [WEB SECURITY] Re: Oracle in war of words with security researcher tlmacgi (Jan 27)

Todd Ellner

Re: Felony For Refreshing A Web Page Todd Ellner (Jan 07)

Todd Hendricks

Re: Writing to a local file without a warning Todd Hendricks (Mar 29)

Tommy

Re: Tools comparison and evaluation question (AppScan) Tommy (Feb 19)

Tommy Baker

RE: Server Identification Tommy Baker (Mar 23)

Valdis . Kletnieks

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Valdis . Kletnieks (Mar 25)

Valkyrie

Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Valkyrie (Jan 27)

veille_audit

RE: MSIE session cookies veille_audit (Jan 19)

Vicente Aguilera

Creation of OWASP Spain chapter Vicente Aguilera (Feb 09)
A new OWASP project! Vicente Aguilera (Feb 09)

Vipul Kumra

RE: MD5 math question Vipul Kumra (Jan 04)
FW: RE: MD5 math question Vipul Kumra (Jan 04)

Wall, Kevin

RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code Wall, Kevin (Mar 25)

Xyberpix

RE: Tools comparison and evaluation question (AppScan) Xyberpix (Feb 17)
Re: FW: Tools comparison and evaluation question (AppScan) Xyberpix (Feb 17)

yeesan wong

Re: [WEB SECURITY] Free tool to analyse and post http request yeesan wong (Mar 24)

Zapotek

Re: PHP based defacing tool usage continue to rise Zapotek (Jan 30)

zeno

Thick Clients Gone Wrong zeno (Jan 07)
Felony For Refreshing A Web Page zeno (Jan 06)

Zhou, Joe [HR]

RE: MSIE session cookies Zhou, Joe [HR] (Jan 21)
RE: MSIE session cookies Zhou, Joe [HR] (Jan 19)

Previous period

Next period