Network Security Archives

Web Application Security (date)

[Thread Index] [Top] [All Lists]

August 31, 2005

Re: Combatting automated download of dynamic websites?, Tony Stahler, 05:12
RE: sql injection for MS Access, Mark Burnett, 05:12

August 30, 2005

Re: Combatting automated download of dynamic websites?, Michael Boman, 15:24
Re: Combatting automated download of dynamic websites?, Javier Fernandez-Sanguino, 14:13
Re: sql injection for MS Access, ray bradbury fan, 14:13
RE: sql injection for MS Access, Mailing List, 13:22
RE: sql injection for MS Access, Ofer Maor, 06:29
Re: Combatting automated download of dynamic websites?, Serg Belokamen, 00:06

August 29, 2005

RE: sql injection for MS Access, Mutallip ABLIMIT, 23:45
Re: Combatting automated download of dynamic websites?, bugtraq, 23:05
Re: Combatting automated download of dynamic websites?, Matthijs R. Koot, 23:05
RE: Defeating CAPTCHA, wilsonc, 22:55
Re: Combatting automated download of dynamic websites?, Jayson Anderson, 22:55
sql injection for MS Access, Mailing List, 22:55
RE: [WEB SECURITY] Re: Defeating CAPTCHA, Gokhan Azaphan, 13:09
RE: [WEB SECURITY] Re: Defeating CAPTCHA, Marian Ion, 12:19
RE: Defeating CAPTCHA, Derick Anderson, 12:19
Re: Defeating CAPTCHA, victor, 12:19
Combatting automated download of dynamic websites?, Matthijs R. Koot, 12:19
RE: Windows 2003 Server Hardening, Angel Barrio, 12:19

August 28, 2005

Re: Defeating CAPTCHA, Devdas Bhagat, 21:33

August 27, 2005

Re: BBCode [IMG] [/IMG] Tag Vulnerability, Christopher Canova, 17:51
Re: looking for stats, Michael Boman, 06:15
Re[2]: looking for stats, Matt Szubrycht, 06:15
Re: looking for stats, Eoin Keary, 03:14
GPL version of WiKID Strong Authentication released, Nick Owen, 02:44

August 26, 2005

RE: Defeating CAPTCHA, Derick Anderson, 23:42
Re: Defeating CAPTCHA, Michal Zalewski, 12:46
Re: looking for stats, Andrew van der Stock, 12:36
RE: Defeating CAPTCHA, Glenn Euloth, 12:16
Re: Defeating CAPTCHA, Paul M., 11:56
Re: Defeating CAPTCHA, Subs, 11:56
Re: looking for stats, Robin Wood, 11:45
Re: Defeating CAPTCHA, Andrew van der Stock, 04:02
Re: Defeating CAPTCHA, Jayson Anderson, 03:22
RE: looking for stats, Ha, Jason, 02:01
Re: looking for stats, Skip Carter, 00:00
Re: looking for stats, Dave Spencer, 00:00
Re: Defeating CAPTCHA, Chris Shiflett, 00:00
Re: looking for stats, Dave Spencer, 00:00
Re: looking for stats, Serban Ghita, 00:00

August 25, 2005

Re: Defeating CAPTCHA, Stephen de Vries, 23:50
Re: looking for stats, Jeremiah Grossman, 23:50
RE: [WEB SECURITY] Defeating CAPTCHA, Glenn.Everhart, 23:40
Re: Defeating CAPTCHA, Mark Burnett, 23:40
RE: looking for stats, Moran, 14:35
RE: [WEB SECURITY] Defeating CAPTCHA, Michal Zalewski, 14:35
Re: Defeating CAPTCHA, Jayson Anderson, 14:24
RE: [WEB SECURITY] Defeating CAPTCHA, Brecrost Jones, 13:54
looking for stats, Robin Wood, 13:54
RE: [WEB SECURITY] Defeating CAPTCHA, focus, 13:14
RE: [WEB SECURITY] Defeating CAPTCHA, Debasis Mohanty, 12:13
Defeating CAPTCHA, robert, 12:13

August 24, 2005

RE: Entrust - Identity Guard - Any experience?, Wall, Kevin, 12:24
Re: Windows 2003 Server Hardening, John Manko, 02:20

August 23, 2005

Re: BBCode [IMG] [/IMG] Tag Vulnerability, Christopher Kunz, 23:49
RE: Windows 2003 Server Hardening, MacEwen, Jeffrey B., 23:49
ActiveX POC, Andres Molinetti, 23:49
Re: BBCode [IMG] [/IMG] Tag Vulnerability, Zak McGregor, 23:49
RE: anti-phishing implementation, wilsonc, 18:16
RE: Windows 2003 Server Hardening, Martinez Azair Francisco, 17:45
Re: BBCode [IMG] [/IMG] Tag Vulnerability, Tony Stahler, 13:43
Re: Entrust - Identity Guard - Any experience?, Saqib Ali, 13:43
Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Serban Ghita, 13:43
Re: Windows 2003 Server Hardening, ray bradbury fan, 07:30
Re: BBCode [IMG] [/IMG] Tag Vulnerability, Paul Laudanski, 04:49
Re: [Full-disclosure] Re: BBCode [IMG] [/IMG] Tag Vulnerability, Christopher Kunz, 02:08
Re: Entrust - Identity Guard - Any experience?, Ned Fleming, 01:47

August 22, 2005

Re: BBCode [IMG] [/IMG] Tag Vulnerability, Paul Laudanski, 08:14
Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Jean-Jacques Halans, 08:04
placement of webappsec in the cc line, michael.lanham, 00:21

August 21, 2005

RE: Entrust - Identity Guard - Any experience?, ken kousky, 22:50
Re: Entrust - Identity Guard - Any experience?, Saqib Ali, 13:54
RE: anti-phishing implementation, Lyal Collins, 10:02
Re: anti-phishing implementation, Bjorn Borg, 10:02
RE: Entrust - Identity Guard - Any experience?, ken kousky, 04:00
RE: anti-phishing implementation, Lyal Collins, 03:50

August 20, 2005

RE: anti-phishing implementation, Irene Abezgauz, 14:03
RE: Entrust - Identity Guard - Any experience?, Lyal Collins, 06:30
RE: anti-phishing implementation, Lyal Collins, 06:30
Re: Entrust - Identity Guard - Any experience?, Ralf Durkee, 01:27
Re: Entrust - Identity Guard - Any experience?, Saqib Ali, 01:27

August 19, 2005

RE: Entrust - Identity Guard - Any experience?, Mary Ann Burns, 22:26
Re: [Fwd: anti-phishing implementation], Bjorn Borg, 22:26
Re: anti-phishing implementation, Rob Skedgell, 22:26
RE: Windows 2003 Server Hardening, Aleksander P. Czarnowski, 22:26
RE: Entrust - Identity Guard - Any experience?, Rishi Pande, 22:16
Re: Entrust - Identity Guard - Any experience?, Saqib Ali, 17:34
RE: Entrust - Identity Guard - Any experience?, Ellis, Steven, 16:53
RE: Entrust - Identity Guard - Any experience?, Dwayne Taylor, 15:53
Re: anti-phishing implementation, Saqib Ali, 15:13
RE: Windows 2003 Server Hardening, Sarbjit Singh Gill, 15:12
Entrust - Identity Guard - Any experience?, SB, 14:29
Re: Windows 2003 Server Hardening, jcarr083, 14:19
anti-phishing implementation, Bjorn Borg, 14:19
Re: Windows 2003 Server Hardening, Ratnakumar C H, 02:43
RE: Windows 2003 Server Hardening, Sohl, Greg, 02:33
RE: Windows 2003 Server Hardening, Steven Jones, 01:52
Windows 2003 Server Hardening, Joe Osborn, 01:42
Re: [WEB SECURITY] Re: Microsoft's 'Honeymonkey' project finds 0day, Christopher Canova, 01:42
Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Gary Gwin, 01:32

August 18, 2005

Re: MD5 Password encoding, "straight" vs "salted" hashes, Noam Eppel, 04:00
Re: Application Assessment, goenw, 01:08

August 17, 2005

RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Bond Masuda, 22:57
Re: MD5 Password encoding, "straight" vs "salted" hashes, Peter Watkins, 22:57
Re: Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Chuck, 22:47
RE: Cookie not expiring..., Dan Simon, 14:02
Re: Cookie not expiring..., dharmeshmm, 12:11
RE: Cookie not expiring..., David Knapman, 11:40
Re: RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), mike, 11:40
Re: Cookie not expiring..., Rogan Dawes, 10:20
RE: Cookie not expiring..., Dan Simon, 10:20
RE: Cookie not expiring..., Steven Rebello, 09:59
Re: Cookie not expiring..., Thomas Chiverton, 09:59
Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Thomas Chiverton, 09:59
Re: Cookie not expiring..., bryan allott, 09:59
Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Oleg Topchiy, 09:49
RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Cyrill Osterwalder, 09:49
Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), Noam Eppel, 04:47
IT Security World 2005 ???, Saqib Ali, 04:47
Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection), mike, 00:35

August 16, 2005

Cookie not expiring..., spawn security, 22:54
Escaping LDAP queries, Stephen de Vries, 14:07
Re: Re: Defeating Citi-Bank Virtual Keyboard Protection, F Lace, 07:10
Re: Re: Defeating Citi-Bank Virtual Keyboard Protection, mike, 06:00

August 15, 2005

Re: Citi-Bank Virtual Keyboard (is useless), Andre Ludwig, 23:07
RE: Application Assessment (Correction), Brokken, Allen P., 22:47
Nessus Server Win32 Port, Tom Stracener, 22:47
Re: Application Assessment, secureuniverse, 22:47
webgoat in different languages, Mailing List, 22:47
Technical Note by Amit Klein: Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Le, Amit Klein (AKsecurity), 22:47
[Full-disclosure] Re: Defeating Citi-Bank Virtual Keyboard Protection, Bipin Gautam, 16:11
Re: Code Signing ???, Saqib Ali, 14:18
Re: Citi-Bank Virtual Keyboard (is useless), Cory Foy, 11:06
Re: Re: Defeating Citi-Bank Virtual Keyboard Protection, mike, 10:05
Re: Firefox-based security testing tools, Eoin Keary, 09:45
RE: Fixing XSS Vulns, Cyrill Osterwalder, 07:54
Re: Defeating Citi-Bank Virtual Keyboard Protection, F Lace, 05:33
Re: [WEB SECURITY] Tomcat Security, Cyrill Brunschwiler, 05:03
Re: [WEB SECURITY] Re: Microsoft's 'Honeymonkey' project finds 0day, F Lace, 05:03
Re: Defeating Citi-Bank Virtual Keyboard Protection, F Lace, 05:03
RE: Fixing XSS Vulns, yeesan wong, 02:42

August 14, 2005

Re: Citi-Bank Virtual Keyboard (is useless), Neil Rowland, 23:11
Re: Code Signing ???, Devdas Bhagat, 23:11
Re: Firefox-based security testing tools, Jason Keating, 23:11
RE: Citi-Bank Virtual Keyboard (is useless), Debasis Mohanty, 23:11
RE: Defeating Citi-Bank Virtual Keyboard Protection, Debasis Mohanty, 23:11
Re: Re: Citi-Bank Virtual Keyboard (is useless), mike, 23:11
Re: Citi-Bank Virtual Keyboard (is useless), Saqib Ali, 23:11
RE: Citi-Bank Virtual Keyboard (is useless), Debasis Mohanty, 15:58
Re: Citi-Bank Virtual Keyboard (is useless), Bipin Gautam, 15:07
On Application Scanners (Was: Application Assessment), Mark Curphey, 15:07
Re: Citi-Bank Virtual Keyboard (is useless), intel96, 15:07
Citi-Bank Virtual Keyboard (is useless), mike, 06:03
Code Signing ???, Saqib Ali, 06:03
RE: Defeating Citi-Bank Virtual Keyboard Protection, Debasis Mohanty, 03:42
RE: Application for stress testing webservers., xxradar, 03:42
Re: Fixing XSS Vulns, Tim, 03:32

August 13, 2005

RE: RE: Application Assessment, Ory Segal, 20:47
Re: Application Assessment, Pete Herzog, 10:03
Paros 3.2.4 release, contact, 10:03
RE: Application Assessment, Michael Gargiullo, 01:59
Re: Defeating Citi-Bank Virtual Keyboard Protection, Andrew van der Stock, 00:49
Re: RE: Application Assessment, secureuniverse, 00:38

August 12, 2005

Reminder: 2nd US OWASP AppSec Conference - Oct 11-12 - Near DC, Dave Wichers, 23:58
Re: Defeating Citi-Bank Virtual Keyboard Protection, intel96, 23:58
RE: Fixing XSS Vulns, Jeff Robertson, 23:48
Re: Defeating Citi-Bank Virtual Keyboard Protection, intel96, 23:48
Re: Defeating Citi-Bank Virtual Keyboard Protection, Saqib Ali, 23:48
RE: [WEB SECURITY] Re: Microsoft's 'Honeymonkey' project finds 0day, Aiken, Dan, 23:48
RE: Defeating Citi-Bank Virtual Keyboard Protection, Debasis Mohanty, 23:48
Re: RE: Application Assessment, Kyle Starkey, 23:38
RE: Application Assessment, Tom Stracener, 23:38
Re: Defeating Citi-Bank Virtual Keyboard Protection, Saqib Ali, 23:38
Re: Fixing XSS Vulns, Steven M. Christey, 23:38
Re: Fixing XSS Vulns, Stephen de Vries, 21:47
RE: Fixing XSS Vulns, Smith, Johnathon (KEYPEOPLE RESOURCES INC), 20:57
Re: Defeating Citi-Bank Virtual Keyboard Protection, Saqib Ali, 18:46
Re: Fixing XSS Vulns, Tim, 18:15
Re: Firefox-based security testing tools, Petko Petkov, 18:05
Re: RE: Application Assessment, RUI PEREIRA - WCG, 16:44
RE: Application Assessment, Brokken, Allen P., 16:24
Re: Fixing XSS Vulns, RSnake, 15:44
Re: Fixing XSS Vulns, Petko Petkov, 14:53
RE: Application Assessment, Juan Carlos Reyes Muñoz, 14:13
RE: Application Assessment, Brokken, Allen P., 13:32
Fixing XSS Vulns, wilsonc, 13:32
Firefox-based security testing tools, Jeff Robertson, 13:22
Re: Application Assessment, Amit Klein (AKsecurity), 13:22
RE: (Fwd) RE: NTLM HTTP Authentication is insecure by design - a n, Cyrill Osterwalder, 07:30
Tomcat Security, Andres Molinetti, 01:07
RE: [WEB SECURITY] Tomcat Security, Jason Radley, 00:57
RE: Application Assessment, Mark Curphey, 00:57
Securing Tomcat, Andres Molinetti, 00:57
Microsoft's 'Honeymonkey' project finds 0day, Bob Auger, 00:57
Re: Application Assessment, Jeremiah Grossman, 00:57
RE: Application Assessment, Brokken, Allen P., 00:57
Re: Application Assessment, Jeremiah Grossman, 00:47

August 11, 2005

RE: Application Assessment, Ashley Vandiver, 16:52
burp suite v1.0 released, PortSwigger, 15:31
RE: [WEB SECURITY] Tomcat Security, Nathan Tobik, 15:31
Re: Application Assessment, bugtraq, 15:21
RE: Application Assessment, Mark Curphey, 15:21
Re: [WEB SECURITY] Tomcat Security, Ron Forrester, 15:21
Re: [WEB SECURITY] Tomcat Security, Ryan Barnett, 15:11
RE: Application Assessment, Ory Segal, 11:46
Re: Application Assessment, Glyn Geoghegan, 07:24
Re: Example of the worst passwd recovery interface, Saqib Ali, 07:24
Re: New T&C poll: Was Lynn right?, Nick Murison, 07:24

August 10, 2005

RE: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, Cyrill Osterwalder, 05:41
RE: Email header injection in PHP, Eyal Udassin, 04:00
RE: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, Amit Klein (AKsecurity), 03:50
Re: Email header injection in PHP, Tobias Schlitt, 03:50
RE: New T&C poll: Was Lynn right?, Altheide, Cory B. (IARC), 03:50
Re: web application audit ideas needed, Serg Belokamen, 03:50

August 09, 2005

Re: web application audit ideas needed, Yanglei, 14:42
Re: Email header injection in PHP, Irene Abezgauz, 14:42
RE: Email header injection in PHP, Harry Metcalfe, 14:32
Email header injection in PHP, Harry Metcalfe, 09:59
[Full-disclosure] New T&C poll: Was Lynn right?, Nick Murison, 09:09
RE: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, Cyrill Osterwalder, 07:48
RE: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, Cyrill Osterwalder, 07:48

August 07, 2005

Re: Server's host key & pscp.exe trouble, Jonathan Angliss, 03:13

August 06, 2005

RE: Example of the worst passwd recovery interface, Wall, Kevin, 12:27
RE: Double Slashes, Kyle Quest, 03:03
Re: Example of the worst passwd recovery interface, Javier Fernandez-Sanguino, 03:03
Defeating Citi-Bank Virtual Keyboard Protection, Debasis Mohanty, 03:03

August 04, 2005

FYI: RBAC for WebApps using LDAP, Saqib Ali, 23:10
Re: Double Slashes, Steven M. Christey, 22:20
Re: Example of the worst passwd recovery interface, Saqib Ali, 22:20
RE: Watchfire Free Tools, Ory Segal, 22:20
Re: Example of the worst passwd recovery interface, Yousef Syed, 22:20
Server's host key & pscp.exe trouble, Bénoni MARTIN, 22:20
RE: Double Slashes, Andres Molinetti, 22:20
RE: Double Slashes, Auri Rahimzadeh, 22:10
Re: Example of the worst passwd recovery interface, Christopher Canova, 22:10
RE: Double Slashes, Auri Rahimzadeh, 22:10
Re: Heavy Security Issue, Marco Caramma, 22:10
RE: Double Slashes, Jeff Robertson, 22:10
RE: Double Slashes, Andres Molinetti, 22:10
RE: Double Slashes, Auri Rahimzadeh, 12:24
RE: Double Slashes, Jeff Robertson, 12:14
Double Slashes, Andres Molinetti, 11:53
Re: Heavy Security Issue, Dan Simon, 11:43
RE: Example of the worst passwd recovery interface, Irene Abezgauz, 09:52
RE: Example of the worst passwd recovery interface, Marc Heuse, 06:51
Re: bad url fragment, Sanjay Rawat, 05:50
Administrivia: Watchfire Free Tools, Andrew van der Stock, 01:18
RE: Watchfire Free Tools, Ory Segal, 01:18
Re: Heavy Security Issue, Saqib Ali, 01:08
Re: Watchfire Free Tools, -kah.wee-, 00:08

August 03, 2005

Re: Watchfire Free Tools, Saqib Ali, 23:58
bad url fragment, development, 23:58
Re: Watchfire Free Tools, Tom Wells, 23:58
Re: Watchfire Free Tools, Rogan Dawes, 23:58
Heavy Security Issue, jonathan Davis, 23:47
RE: Watchfire Free Tools, Ronen Gottlib, 23:47
Example of the worst passwd recovery interface, Saqib Ali, 23:47
Re: Watchfire Free Tools, Paul Laudanski, 03:57
Re: Redirecting HTTP 404 to 200, victor, 01:05
Watchfire Free Tools, watchfire_free_tools, 01:05

August 02, 2005

Redirecting HTTP 404 to 200, Andres Molinetti, 22:24
RE: Publishing Web Based Application via ICA protocol, Jose Varghese, 10:34
Burp proxy v1.3beta released, PortSwigger, 10:14