Web Application Security (thread)

SAS 70 and software policies, James Strassburg, 2005/09/30
Administrivia: At Ruxcon this weekend, Andrew van der Stock, 2005/09/30
REPOST: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, Amit Klein (AKsecurity), 2005/09/30
Must we authenticate login forms (using SSL?)?, Amir Herzberg, 2005/09/29
- Re: Must we authenticate login forms (using SSL?)?, info, 2005/09/29
  - Re: Must we authenticate login forms (using SSL?)?, Antoine Martin, 2005/09/30
    - RE: Must we authenticate login forms (using SSL?)?, Nathaniel S. H. Brown, 2005/09/30
    - Re: Must we authenticate login forms (using SSL?)?, Peter Conrad, 2005/09/30
    - RE: Must we authenticate login forms (using SSL?)?, Nathaniel S. H. Brown, 2005/09/30
    - Re: Must we authenticate login forms (using SSL?)?, Rogan Dawes, 2005/09/30
    - Re: Must we authenticate login forms (using SSL?)?, Antoine Martin, 2005/09/30
    - Re: Must we authenticate login forms (using SSL?)?, Eoin Keary, 2005/09/30
    - Re: Must we authenticate login forms (using SSL?)?, Antoine Martin, 2005/09/30
- Re: Must we authenticate login forms (using SSL?)?, mike03051, 2005/09/30
Use JCap library to read network traffic, yuthikasgp, 2005/09/28
Re: webappsec Digest 21 Sep 2005 21:26:31 -0000 Issue 636, Amir Herzberg, 2005/09/27
Almost Here!!: 2nd US OWASP AppSec Conference - Oct 11-12 - Near DC, Dave Wichers, 2005/09/26
PacSec05, Dragos Ruiu, 2005/09/26
Ajax Security discussion for the OWASP Guide, Andrew van der Stock, 2005/09/23
- Re: Ajax Security discussion for the OWASP Guide, Serg Belokamen, 2005/09/23
- RE: Ajax Security discussion for the OWASP Guide, Luke Fraser, 2005/09/23
- Re: Ajax Security discussion for the OWASP Guide, noname, 2005/09/23
  - Re: Ajax Security discussion for the OWASP Guide, Andre Ludwig, 2005/09/23
  - Re: Ajax Security discussion for the OWASP Guide, John Manko, 2005/09/24
    - Re: Ajax Security discussion for the OWASP Guide, focus, 2005/09/25
HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon), Amit Klein (AKsecurity), 2005/09/22
Chroot jails, Steve.Cummings, 2005/09/20
- Re: Chroot jails, JamesHorwath, 2005/09/20
- Re: Chroot jails, Antoine Martin, 2005/09/20
  - Re: Chroot jails, Ingo Struck, 2005/09/21
    - Re: Chroot jails, Antoine Martin, 2005/09/21
- Re: Chroot jails, Mamading Ceesay, 2005/09/20
- Re: Chroot jails, xyberpix, 2005/09/21
- Re: Chroot jails, Paul Wong, 2005/09/21
- RE: Chroot jails, Craig Wright, 2005/09/21
- RE: Chroot jails, Wall, Kevin, 2005/09/21
Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Amir Herzberg, 2005/09/20
HTML/Java Protection, confusionvalley, 2005/09/19
- Re: HTML/Java Protection, Peter Conrad, 2005/09/20
  - Re: HTML/Java Protection, Roshen Chandran, 2005/09/20
- Re: HTML/Java Protection, Mark Quinn, 2005/09/20
- Re: HTML/Java Protection, Antoine Martin, 2005/09/20
  - Re: HTML/Java Protection, Yousef Syed, 2005/09/21
Defending users of unprotected login pages with TrustBar 0.4.9.93, Amir Herzberg, 2005/09/19
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051, 2005/09/19
  - Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Nathan Jackson-Eeles, 2005/09/19
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, J. Lambrecht, 2005/09/19
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051, 2005/09/19
  - Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Peter Conrad, 2005/09/20
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051, 2005/09/21
Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, jimz, 2005/09/18
- Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, Paul Laudanski, 2005/09/19
  - Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, jimz, 2005/09/19
Core Application's for Banks, Lila Buchalski, 2005/09/17
- Re: Core Application's for Banks, Andrew van der Stock, 2005/09/17
Federated Authentication (without SAML), Gary Gwin, 2005/09/17
- Re: Federated Authentication (without SAML), Scovetta Labs, 2005/09/17
- Re: Federated Authentication (without SAML), Mamading Ceesay, 2005/09/17
[Full-disclosure] Web Application Security Analyzer for PHP-Nuke/phpBB CMS, Paul Laudanski, 2005/09/16
Research paper on WSE Policy Advisor, Andy Gordon, 2005/09/16
OWASP NYC Chapter Meeting - Sept 28th, peter . stern, 2005/09/15
- Re: OWASP NYC Chapter Meeting - Sept 28th, bugtraq, 2005/09/15
- RE: OWASP NYC Chapter Meeting - Sept 28th, Stan Guzik, 2005/09/16
- Fwd: OWASP NYC Chapter Meeting - Sept 28th, Andrew van der Stock, 2005/09/16
Online quiz for CISSP (new material), Saqib Ali, 2005/09/14
- Re: Online quiz for CISSP (new material), Saqib Ali, 2005/09/17
- Re: Re: Online quiz for CISSP (new material), conner911, 2005/09/19
NTLM and man-in-the-middle proxies not working, raymond_b_jimenez, 2005/09/14
- Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity), 2005/09/15
- Re: NTLM and man-in-the-middle proxies not working, raymond_b_jimenez, 2005/09/16
  - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity), 2005/09/16
    - Re: NTLM and man-in-the-middle proxies not working, Eoin Keary, 2005/09/19
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity), 2005/09/19
    - Re: NTLM and man-in-the-middle proxies not working, Michael Eddington, 2005/09/21
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity), 2005/09/21
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity), 2005/09/21
    - Re: NTLM and man-in-the-middle proxies not working, lists, 2005/09/22
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity), 2005/09/22
- RE: NTLM and man-in-the-middle proxies not working, raymond_b_jimenez, 2005/09/21
- Re: NTLM and man-in-the-middle proxies not working, raymond_b_jimenez, 2005/09/26
  - RE: NTLM and man-in-the-middle proxies not working, Ofer Maor, 2005/09/27
    - Re: NTLM and man-in-the-middle proxies not working, AG, 2005/09/28
simplicity improves security?, Saqib Ali, 2005/09/13
- RE: simplicity improves security?, Simon Zuckerbraun, 2005/09/14
- Re: simplicity improves security?, Robert Hajime Lanning, 2005/09/14
Is netcraft publishing URL of your intranet sites?, Saqib Ali, 2005/09/13
- Re: Is netcraft publishing URL of your intranet sites?, Darren Bounds, 2005/09/18
  - Re: Is netcraft publishing URL of your intranet sites?, Saqib Ali, 2005/09/19
    - Re: Is netcraft publishing URL of your intranet sites?, Darren Bounds, 2005/09/19
    - Re: Is netcraft publishing URL of your intranet sites?, Saqib Ali, 2005/09/22
    - Re: Is netcraft publishing URL of your intranet sites?, Darren Bounds, 2005/09/22
- Re: Is netcraft publishing URL of your intranet sites?, Saqib Ali, 2005/09/16
web application testing framework, Serg Belokamen, 2005/09/13
- Re: web application testing framework, Patrick Debois, 2005/09/13
- Re: web application testing framework, Stephen de Vries, 2005/09/13
- RE: web application testing framework, Dan Cornell, 2005/09/13
security of _notes dirs, Mailing List, 2005/09/12
- RE: security of _notes dirs, Griffiths, Ian, 2005/09/12
- RE: security of _notes dirs, michael acadia, 2005/09/12
  - RE: security of _notes dirs, Mailing List, 2005/09/15
    - Re: security of _notes dirs, Michael Acadia, 2005/09/15
    - Re: security of _notes dirs, Mailing List, 2005/09/15
    - Re: security of _notes dirs, Greg, 2005/09/15
    - Re: security of _notes dirs, Peter Conrad, 2005/09/15
    - Re: security of _notes dirs, Mailing List, 2005/09/15
Obfuscating IIS 6.0, Bénoni MARTIN, 2005/09/08
- Re: Obfuscating IIS 6.0, Ademar Gonzalez, 2005/09/08
Security Issues with Workflow apps, Saqib Ali, 2005/09/08
- Re: Security Issues with Workflow apps, Anthony Chan, 2005/09/11
- Re: Security Issues with Workflow apps, Saqib Ali, 2005/09/11
- Re: Security Issues with Workflow apps, Anthony Chan, 2005/09/12
Re: BBCode [IMG] [/IMG] Tag Vulnerability, Paul Laudanski, 2005/09/08
Security Issues with Foxpro 6, nitin patel, 2005/09/07
ANN: WebGoat 3.7 - Application Security hands-on learning environment, Jeff Williams, 2005/09/06
ASP.NET Forms Based Auth Whitepaper, Mark Curphey, 2005/09/06
Early Registration Ending Soon: 2nd US OWASP AppSec Conference - Oct 11-12 - Near DC, Dave Wichers, 2005/09/05
Re: Code Signing ???, Saqib Ali, 2005/09/04
- Re: Code Signing ???, Olaf Reitmaier Veracierta, 2005/09/05
  - Re: Code Signing ???, Saqib Ali, 2005/09/05
Ajax security reference, Luke Fraser, 2005/09/03
- Re: Ajax security reference, Serg Belokamen, 2005/09/03
  - Re: Ajax security reference, John Manko, 2005/09/06
    - Re: Ajax security reference, Serg Belokamen, 2005/09/06
    - Re: Ajax security reference, John Manko, 2005/09/06
    - Re: Ajax security reference, bugtraq, 2005/09/06
- Re: Ajax security reference, Jean-Jacques Halans, 2005/09/12
  - Re: Ajax security reference, Eoin Keary, 2005/09/13
- RE: Ajax security reference, Balaji, 2005/09/13
- RE: Ajax security reference, Damhuis Anton, 2005/09/06
Oracle TNS listener, Chitresh Sen, 2005/09/02
- Re: Oracle TNS listener, Achim Hoffmann, 2005/09/03
- Re: Oracle TNS listener, Esteban Martinez Fayo, 2005/09/03
Re: Combatting automated download of dynamic websites?, Achim Hoffmann, 2005/09/01
- Fwd: Combatting automated download of dynamic websites?, Mark Quinn, 2005/09/01
- Re: Combatting automated download of dynamic websites?, Eoin Keary, 2005/09/01
  - Re: Combatting automated download of dynamic websites?, Javier Fernandez-Sanguino, 2005/09/05
- Re: Combatting automated download of dynamic websites?, Paul M., 2005/09/05
  - Re: Combatting automated download of dynamic websites?, Eoin Keary, 2005/09/07
Re: Defeating CAPTCHA, Christopher Kunz, 2005/09/01
- Re: Defeating CAPTCHA, Devdas Bhagat, 2005/09/05
- RE: Defeating CAPTCHA, Derick Anderson, 2005/09/06