WebApp Sec: by date

317 messages starting Jul 01 06 and ending Sep 28 06


Saturday, 01 July

Re: Webscarab how to? Jezebel Ali
Re: Webscarab how to? Rogan Dawes

Sunday, 02 July

RE: Two-Factor Authentication on the Web Gaydosh, Adam

Monday, 03 July

RE: Two-Factor Authentication on the Web Glenn.Everhart
RE: Two-Factor Authentication on the Web Popowycz, Alex
Re: Two-Factor Authentication on the Web Andrew van der Stock
Re: Re: Webscarab how to? mr . nasty
RE: Two-Factor Authentication on the Web Lyal Collins

Tuesday, 04 July

RE: Re: Webscarab how to? PPowenski
Re: Webscarab how to? Rogan Dawes

Wednesday, 05 July

Cross Site Scripting in Google RSnake
RE: Two-Factor Authentication on the Web Lyal Collins
Re: [WEB SECURITY] Cross Site Scripting in Google bugtraq
RE: Two-Factor Authentication on the Web Popowycz, Alex
RE: Two-Factor Authentication on the Web James Pujals
Re: [WEB SECURITY] Cross Site Scripting in Google Collin Jackson
Re: [WEB SECURITY] Cross Site Scripting in Google RSnake

Thursday, 06 July

Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google Javor Ninov
RE: Two-Factor Authentication on the Web PPowenski
RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google Martin O'Neal
Re: [WEB SECURITY] Cross Site Scripting in Google RSnake

Friday, 07 July

Re: Two-Factor Authentication on the Web mikeiscool

Saturday, 08 July

DMZ and critical data Pedro Henrique Morsch Mazzoni
RFID and Banking Chris Chandler
Re: RE: Re: Webscarab how to? f_kenisky

Sunday, 09 July

Re: RE: Re: Webscarab how to? c0redump
Re: DMZ and critical data 蓝牙
Re: DMZ and critical data sarbanha
Re: DMZ and critical data Ken Adler - QDSP, CISSP, PMP, CISA
RE: DMZ and critical data Brian J. Bartlett
Re: Webscarab how to? Rogan Dawes
Re: DMZ and critical data Mohammad Ali Sarbanha
Intrusion Detection David Robert

Monday, 10 July

Re: Intrusion Detection Ivan Ristic
How to perform SSL certificate validation ? Nagareshwar Talekar
RE: Intrusion Detection Jeremy_Powell
How to perform SSL certificate validation ? Nagareshwar Talekar
Re: How to perform SSL certificate validation ? Ron
Re: Intrusion Detection Jamie Riden
RE: How to perform SSL certificate validation ? Dominick Baier

Tuesday, 11 July

RE: How to perform SSL certificate validation ? Wall, Kevin
Re: Intrusion Detection Daniel Cid
RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google tcp fin
Oracle SQL Injection Mark Keegan
RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google PPowenski
Re: How to perform SSL certificate validation ? Nagareshwar Talekar
Re: Oracle SQL Injection Tim
Re: Oracle SQL Injection Cesar
Fwd: How to perform SSL certificate validation ? Mugdha Bendre
Re: Oracle SQL Injection Andrew van der Stock

Wednesday, 12 July

Re: Intrusion Detection David Ryan
RE: Oracle SQL Injection Mark Keegan
Convenience or just bad design? Saqib Ali
Re: Oracle SQL Injection Tim
RE: Oracle SQL Injection Mark Keegan
Directed phishing attacks- protection methods Joshua Perrymon
Re: Intrusion Detection skarvin
RE: Oracle SQL Injection Integrigy
RE: Convenience or just bad design? Robert D. Holtz
Re: How to perform SSL certificate validation ? Max
Preliminary CFP:The 2nd International Conference on Availability, Reliability and Security (ARES 07), Vienna, Austria, April 10-13, 2007 Manh Tho
Re: Oracle SQL Injection Esteban Martinez Fayo

Thursday, 13 July

Re: How to perform SSL certificate validation ? Nagareshwar Talekar

Friday, 14 July

Is there an Open Source Vulnerability Analysis Framework? Steve Armstrong

Saturday, 15 July

Re: How to perform SSL certificate validation ? paseidon76
Re: How to perform SSL certificate validation ? Jason

Sunday, 16 July

Re: Is there an Open Source Vulnerability Analysis Framework? killy

Monday, 17 July

Re: Is there an Open Source Vulnerability Analysis Framework? Gareth Davies
Re: Two-Factor Authentication on the Web Devdas Bhagat
Re: Is there an Open Source Vulnerability Analysis Framework? Christian Martorella
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30) Dragos Ruiu

Tuesday, 18 July

RUXCON 2006 Final Call For Papers cfp
Cookies as the second factor Jeff Robertson
Re: Cookies as the second factor Rogan Dawes
Re: Cookies as the second factor Nick Owen
Re: Cookies as the second factor Ryan Barnett
Re: Cookies as the second factor Robin Wood
Re: Cookies as the second factor Rogan Dawes
Re: Cookies as the second factor Andrew van der Stock
RE: Cookies as the second factor Randy Ollett
RE: Cookies as the second factor Jeff Robertson
Re: Cookies as the second factor Ryan Barnett
RE: Cookies as the second factor Andrew Chong
Disable SSL v2 ciphers on IIS 5.0 secmail . lists
RE: Cookies as the second factor Matt Fisher
RE: Cookies as the second factor Matt Fisher
Re: Cookies as the second factor Darren Bounds
RE: Cookies as the second factor Ken Kousky
Re: Cookies as the second factor mikeiscool
Re: Cookies as the second factor Darren Bounds

Wednesday, 19 July

Re: Disable SSL v2 ciphers on IIS 5.0 Eoin Miller
RE: Disable SSL v2 ciphers on IIS 5.0 Doug Markiewicz

Thursday, 20 July

RE: Disable SSL v2 ciphers on IIS 5.0 xxradar
RE: Cookies as the second factor Jeff Robertson
RE: Cookies as the second factor Arian J. Evans
Re: Cookies as the second factor Robert Hajime Lanning
Protecting posted variables billy . sailing

Friday, 21 July

Re: Protecting posted variables Serg B.
RE: Protecting posted variables Andrew Chong
Re: Protecting posted variables mikeiscool
RE: Protecting posted variables Damhuis Anton
Re: Protecting posted variables Rogan Dawes
Re: Protecting posted variables Meder Kydyraliev
Code Review for Critical Application e.g Internet banking John Greiter
RE: Code Review for Critical Application e.g Internet banking Andrew Chong
Re: Cookies as the second factor Peter Watkins
RE: Protecting posted variables Debasis Mohanty
Identity 2.0 Evans, Arian
Re: Protecting posted variables Brian Rectanus

Saturday, 22 July

Re: Code Review for Critical Application e.g Internet banking mike

Monday, 24 July

Fwd: SF new article announcement: After an Exploit: mitigation and remediation Andrew van der Stock
Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity)

Tuesday, 25 July

Re: Cookies as the second factor Eoin
RE: Cookies as the second factor Arian J. Evans
Administrivia: Delays in dealing with posts next three weeks Andrew van der Stock

Wednesday, 26 July

ERRATA (Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash") Amit Klein (AKsecurity)
ANNOUNCING: 3rd annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers

Thursday, 27 July

RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity)
RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash" Amit Klein (AKsecurity)
RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash" James Pujals
RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash" James Pujals

Saturday, 29 July

Correct Session Authentication xbennx
Re: Correct Session Authentication Siim Põder
Re: Correct Session Authentication Balazs Attila-Mihaly (Cd-MaN)
Re: Correct Session Authentication Santiago Rocandio

Sunday, 30 July

Re: Fwd: How to perform SSL certificate validation ? Devdas Bhagat
Re: Correct Session Authentication Dean H. Saxe

Monday, 31 July

OS XSS and SQL scanner Cherian Thomas
Spike PHP Security Audit Tool solutions_PHP
Re: OS XSS and SQL scanner Dean H. Saxe
Reminder: WASC Meet-up at Black Hat (USA 2006) contact
RE: OS XSS and SQL scanner Mandeep Khera
IEEE Web Security Special Mark Curphey
RE: [WEB SECURITY] Reminder: WASC Meet-up at Black Hat (USA 2006) contact

Tuesday, 01 August

Re: IEEE Web Security Special Eoin
AppSec tools it_strategy
Fwd: SF new column announcement: E-mail privacy in the workplace Andrew van der Stock
RE: OS XSS and SQL scanner Arian J. Evans
RE: SF new column announcement: E-mail privacy in the workplace Craig Wright

Wednesday, 02 August

Re: OS XSS and SQL scanner Dean H. Saxe
Re: OS XSS and SQL scanner Rory McCune
JavaScript port scanner pdp (architect)
Re: OS XSS and SQL scanner Eoin
RE: OS XSS and SQL scanner Burke, Charles
Re: OS XSS and SQL scanner Dean H. Saxe
Re: OS XSS and SQL scanner Dean H. Saxe
Re: OS XSS and SQL scanner Devdas Bhagat
Re: JavaScript port scanning pdp (architect)
Re: AppSec tools Dhruv Soi
Re: JavaScript port scanning pdp (architect)
RE: OS XSS and SQL scanner Dean H. Saxe
Re: OS XSS and SQL scanner Rogan Dawes

Thursday, 03 August

Attacking the local LAN via XSS pdp (architect)

Friday, 04 August

Re: [Full-disclosure] Attacking the local LAN via XSS Schanulleke
Re: [Full-disclosure] Attacking the local LAN via XSS pdp (architect)
Re[2]: [Full-disclosure] Attacking the local LAN via XSS Thierry Zoller
Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS pdp (architect)

Sunday, 06 August

ARES 2007: Call for workshop proposals, deadline Sept 10, 2006 Manh Tho

Monday, 07 August

Re: [Full-disclosure] Attacking the local LAN via XSS Nikolay Kubarelov
Environment for testing WebApp Security Scanners René Palige
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper] SPI Labs
SF new column announcement: E-mail privacy in the workplace Craig Wright

Tuesday, 08 August

RE: Environment for testing WebApp Security Scanners Mark Curphey
Re: Environment for testing WebApp Security Scanners Roman H.
Re: [Full-disclosure] Attacking the local LAN via XSS Dude VanWinkle
XSSing the Lan 3 (web trojans.. not a new idea) pdp (architect)
RE: Environment for testing WebApp Security Scanners Brokken, Allen P.
Paros 3.2.13 release contact
Re: Environment for testing WebApp Security Scanners Dean H. Saxe
Re: Environment for testing WebApp Security Scanners mikeiscool
Re: Environment for testing WebApp Security Scanners Gerald Quakenbush
Re: Environment for testing WebApp Security Scanners Dean H. Saxe
Re: Environment for testing WebApp Security Scanners mikeiscool
RE: Environment for testing WebApp Security Scanners Mark Curphey

Wednesday, 09 August

Re: Environment for testing WebApp Security Scanners c0redump
Parameter fuzzing and forced browsing indianwhitehathacker
Ruby On Rails 1.1.5 Released to Address Critical Vulnerability bugtraq
Re: Parameter fuzzing and forced browsing mikeiscool
Re: Environment for testing WebApp Security Scanners mikeiscool

Thursday, 10 August

Sending multipart/form-data requests from Flash (with arbitrary headers) Amit Klein (AKsecurity)
Unable to disable browser caching in Firefox through HTTP headers smith . norton
Comparison report on web app security scanners now translated to English Holger.Peine
Re: Parameter fuzzing and forced browsing Ryan Barnett
RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability Caleb Sima
RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability James Pujals

Friday, 11 August

Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability Brian Eaton
LAPSE: code auditing tool for Java Benjamin Livshits

Saturday, 12 August

Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK) pdp (architect)
Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK) Martin Dipo Zimmermann
JavaScript get Internal Address (thanks to DanBUK) pdp (architect)

Monday, 14 August

RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers

Wednesday, 16 August

Re: Tomcat Security davedevault
Re: [SC-L] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Pascal Meunier
Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner mikeiscool
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)" Amit Klein (AKsecurity)
JavaScript Lazy Authorization Forcer and Visited Link Scaner pdp (architect)
Invitation, Slovenia and Italy; Journal Special Issues; c/bb IPSI conference
Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash Amit Klein (AKsecurity)
RE: [WEB SECURITY] "hack-me" Ajax apps? Jeff Robertson
Mitm new? Jeff Robertson
(somewhat) breaking the same-origin policy by undermining dns-pinning Martin Johns
Re: [WEB SECURITY] "hack-me" Ajax apps? kurt
Re: Comparison report on web app security scanners now translated to English Rogan Dawes
"hack-me" Ajax apps? Jeff Robertson

Friday, 18 August

Corsaire White Paper: Assessing Java Clients with the BeanShell Stephen de Vries
Re: Dates Correction - World Summit on Intrusion Prevention, May 8-9, 2007 wsip
Re: Mitm new? ROB DIXON
World Summit on Intrusion Prevention wsip
Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA Richard Lindberg
Re: Invitation, Slovenia and Italy; Journal Special Issues; c/bb Stephen de Vries
(BLED) IPSI Albert
Re: Mitm new? Rogan Dawes
RE: Comparison report on web app security scanners now translated to English Holger.Peine
Re: Mitm new? mikeiscool
testing compiled php Robin Wood
Re: Mitm new? Nick Owen

Sunday, 20 August

Re: Corsaire White Paper: Assessing Java Clients with the BeanShell Stephen de Vries
Re: Corsaire White Paper: Assessing Java Clients with the BeanShell Matthew Franz
Re: testing compiled php Attila-Mihaly Balazs
Re: testing compiled php crazy frog crazy frog

Monday, 21 August

Re: testing compiled php Robin Wood
Re: testing compiled php Robin Wood
Administrivia: Move the list? Andrew van der Stock
Re: "hack-me" Ajax apps? Andrew van der Stock
Re: Administrivia: Move the list? Andrew van der Stock

Tuesday, 22 August

Administrivia: Time to choose, please vote Andrew van der Stock

Wednesday, 23 August

Mozilla Firefox can't disable browser cache. Why? smith . norton
RE: Environment for testing WebApp Security Scanners Evans, Arian
Re: Mozilla Firefox can't disable browser cache. Why? mark
WiKID 2.1.1 released Nick Owen
RE: Mozilla Firefox can't disable browser cache. Why? Tony Stahler
Re: Mozilla Firefox can't disable browser cache. Why? Ron

Thursday, 24 August

Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Enis Karaarslan
Re: Mozilla Firefox can't disable browser cache. Why? Damien Watson
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Enis Karaarslan
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Joseph Peloquin
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners René Palige
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Enis Karaarslan
Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms Maxime Ducharme
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners René Palige
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Joseph Peloquin
Hacme Casino v1.0 alex.smolen

Friday, 25 August

Cookie poisoning without XSS Smith Norton
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners Albert
Re: Cookie poisoning without XSS Martin Straka
Re: Cookie poisoning without XSS Dr HenDre
RE: Cookie poisoning without XSS Richard M. Smith
RE: Cookie poisoning without XSS Ory Segal
RE: Cookie poisoning without XSS Richard M. Smith
CIS Apache Benchmark security standard Ralf Durkee

Tuesday, 29 August

[Full-disclosure] AttackAPI 0.5 (JavaScript tools) pdp (architect)
Enumerate Web Virtual Site Roger Liu
Re: Enumerate Web Virtual Site solutions_PHP
Re: Enumerate Web Virtual Site Andres Riancho
Re: Re: Mozilla Firefox can't disable browser cache. Why? smith . norton
Re: Enumerate Web Virtual Site Sheryl
Re: Enumerate Web Virtual Site Jack Tennessee
Re: Enumerate Web Virtual Site scott

Wednesday, 30 August

Re: Enumerate Web Virtual Site Hemil
Re: Cookie poisoning without XSS Kanatoko
need help with webgoat Tomaz Korosec
Xoop Vlad

Thursday, 31 August

Re: Xoop Vlad
rewrite rule for apache bituman
Re: Xoop Josh Zlatin-Amishav
OWASP Autumn Of Code 2006 Dinis Cruz
Dinis Cruz Video Interview on ASP.NET Full Trust Mark Curphey

Sunday, 03 September

Re: Enumerate Web Virtual Site thomas springer

Wednesday, 06 September

Re: Cookie poisoning without XSS Matteo Meucci
RE: rewrite rule for apache Arian J. Evans
Re: need help with webgoat chris
Microsoft Research Builds BrowserShield bugtraq
HITBSecConf2006 Final Call ! Praburaajan
2nd European Conference on Computer Network Defense (EC2ND) Blyth A J C (AT)
Reminder: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA Dave Wichers
Re: Microsoft Research Builds BrowserShield Michal Zalewski

Thursday, 07 September

Host header cannot be trusted as an anti anti DNS-pinning measure Amit Klein (AKsecurity)
Black Hat Briefings Japan Speakers Selected! Jeff Moss
Web Application Analysis Tool - SWAAT Nish Bhalla

Friday, 08 September

Re: [WEB SECURITY] New PCI requires code review or WAF Nick Owen
Re: Microsoft Research Builds BrowserShield Sap .
Re: [WEB SECURITY] New PCI requires code review or WAF Dave Ockwell-Jenner

Wednesday, 13 September

Re: Cross Context Scripting with Sage bugtraq

Thursday, 14 September

best practices Matteo Nava
Hardcoded Database IP in ASP Darryl Stevens

Friday, 15 September

Re: best practices Rick Zhong

Tuesday, 19 September

Comparison report on web app security scanners now translated to English Cleiton Martins
Re: best practices Siim Põder
RE: Hardcoded Database IP in ASP Ken Schaefer
Re: Hardcoded Database IP in ASP Darryl Stevens
RE: Hardcoded Database IP in ASP Darryl Stevens
Re: Hardcoded Database IP in ASP RSnake
Re: best practices Dave Ferguson
Re: Hardcoded Database IP in ASP security

Friday, 22 September

Re: Comparison report on web app security scanners now translated to English Saqib Ali
Anybody got a licenced copy of Acunetix, Centric or other Web App Scans? Dinis Cruz
Re: Hardcoded Database IP in ASP PCSC Information Services
Re: Comparison report on web app security scanners now translated to English Roberto Tanara
Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS) Tim
Comparison report on web app security scanners (English) is now available again docbook . xml
RE: Comparison report on web app security scanners now translated to English Evans, Arian
Comparison report on web app security scanners (English) is now available again Saqib Ali

Sunday, 24 September

Re: Anybody got a licenced copy of Acunetix, Centric or other Web App Scans? Kish Pent
FIS [File Inclusion Scanner] v0.1 Tasos

Monday, 25 September

Re: Anybody got a licenced copy of Acunetix, Centric or other Web App Scans? c0redump
Re: Anybody got a licenced copy of Acunetix, Centric or other Web App Scans? Cleiton Martins

Tuesday, 26 September

Ruxcon 2006 cfp
web application, data classification and database security test . future
XML Port Scanning Paul Theriault

Wednesday, 27 September

Re: web application, data classification and database security test . future
Interview With Modsecurity Author Ivan Ristic bugtraq
XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning) Jan P. Monsch
Open Source Application Vulnerability Assessment Tools Brokken, Allen P.

Thursday, 28 September

Re: Open Source Application Vulnerability Assessment Tools Stephen de Vries
Google Security Team Contacts? Dave Wichers
Re: Open Source Application Vulnerability Assessment Tools Aman Raheja