Network Security Archives

Web Application Security (date)

[Thread Index] [Top] [All Lists]

October 31, 2005

RE: Smells like a phish, is a fish?, Lyal Collins, 12:19

October 30, 2005

Re: J2EE Application Security Code Review, Dean H. Saxe, 21:43
Re: Smells like a phish, is a fish?, Devdas Bhagat, 21:43
Re: J2EE Application Security Code Review, Dean H. Saxe, 21:43

October 29, 2005

[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Paul Laudanski, 20:32
RE: Smells like a phish, is a fish?, Lyal Collins, 05:05
Re: J2EE Application Security Code Review, crazy frog crazy frog, 03:44
Re: J2EE Application Security Code Review, Andrew van der Stock, 03:44
RE: J2EE Application Security Code Review, Jeff Robertson, 03:44
RE: Smells like a phish, is a fish?, Tom Stowell, 03:44
Re: J2EE Application Security Code Review, Eoin Keary, 03:44
RE: J2EE Application Security Code Review, Evans, Arian, 03:34
RE: J2EE Application Security Code Review, Prashant Shirangare, 03:34

October 28, 2005

J2EE Application Security Code Review, Yousef Syed, 14:16
RE: Smells like a phish, is a fish?, Damhuis Anton, 14:16
Re: Smells like a phish, is a fish?, Todd Hendricks, 14:16
RE: Smells like a phish, is a fish?, Christopher Reed, 14:16
RE: Smells like a phish, is a fish?, Tom Stowell, 14:16
[Full-disclosure] Multiple vulnerabilities within RockLiffe MailSite Express WebMail, Paul Craig, 14:16
RE: Smells like a phish, is a fish?, M. Burnett, 14:16
Re: Smells like a phish, is a fish?, Mike Kuriger, 14:16

October 27, 2005

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Nicob, 13:30
RE: Smells like a phish, is a fish?, Damhuis Anton, 12:39
Re: Smells like a phish, is a fish?, Cory Foy, 12:29
Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Tatercrispies, 12:19
[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Nicob, 11:48
RE: Smells like a phish, is a fish?, Ofer Shezaf, 07:06
Re: Smells like a phish, is a fish?, Mat Farrington, 06:36
Smells like a phish, is a fish?, Andrew van der Stock, 06:16

October 26, 2005

Help required in Owasp.net's move from DotNetNuke to CommunityServer, Mike de Libero, 09:25
RE: (conclusion) GET and POST Methods Accepted, Evans, Arian, 09:15

October 25, 2005

[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Tatercrispies, 20:19
SF new article announcement: Collaborative endpoint security, part one, Andrew van der Stock, 19:58
[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Paul Laudanski, 19:48
Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Tatercrispies, 19:38
[Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Paul Laudanski, 19:27
ISO cert, budsplacecustomcomputers, 10:13
SecurityFocus Article: The click-wrap conundrum, Andrew van der Stock, 00:58
webapp audit and forensics, Serg B., 00:48

October 24, 2005

CFP: The First International Conference on Availability, Reliability and Security (AReS 2006), 20-22 April, 2006, Vienna, Austria, Manh Tho, 15:11
Re: webapp audit and forensics, Dhruv Soi, 15:11
Re: webapp audit and forensics, crazy frog crazy frog, 15:09
Re: RE: webapp audit and forensics, f_kenisky, 15:08
RE: webapp audit and forensics, Jason Gregson, 15:08
RE: webapp audit and forensics, Griffiths, Ian, 15:08
Oracle 10g - emagent.exe Stack-Based Overflow, SPI Labs, 15:07
Re: Hit Throttling - Content Theft Prevention, Steve Shah, 15:06
SecurityFocus article announcement: Two-factor banking, Andrew van der Stock, 15:06
Re: Hit Throttling - Content Theft Prevention, WebAppSec, 15:06
Re: Hit Throttling - Content Theft Prevention, Kurt Seifried, 15:06
Re: Hit Throttling - Content Theft Prevention, Eoin Keary, 15:06
Re: Hit Throttling - Content Theft Prevention, Nik Cubrilovic, 15:06
Re: Hit Throttling - Content Theft Prevention, focus, 15:06
Re: Hit Throttling - Content Theft Prevention, Peter Conrad, 15:06
Re: Hit Throttling - Content Theft Prevention, Nik Cubrilovic, 15:06
Re: Hit Throttling - Content Theft Prevention, Kurt Seifried, 15:06
Hit Throttling - Content Theft Prevention, Nik Cubrilovic, 15:06

October 18, 2005

Re: GET and POST Methods Accepted, Paul Laudanski, 10:16

October 17, 2005

Re: (Quite a few!) volunteers needed for Turkish translation of OWASP Guide v2.0, kerem . kusmezer, 11:35
Re: Importing large code piece into Javascript context without SCRIPT SRC=..., Amit Klein (AKsecurity), 07:13

October 16, 2005

Re: (clarification) GET and POST Methods Accepted, Greg Skouby, 07:22

October 15, 2005

Re: myspace hack, Disco Jonny, 03:10
Re: myspace hack, Tom Gallagher, 01:29
Re: (clarification) GET and POST Methods Accepted, Chris Shiflett, 01:19
Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=..., Amit Klein (AKsecurity), 01:19
MySpace XSS Istanbul now Cross-Stantinople, Evans, Arian, 01:19
RE: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=..., dpw, 01:19
Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=..., Jeremiah Grossman, 01:19
Importing large code piece into Javascript context without SCRIPT SRC=..., Amit Klein (AKsecurity), 01:19

October 14, 2005

RE: myspace hack, Evans, Arian, 20:36
RE: (clarification) GET and POST Methods Accepted, Derick Anderson, 19:26
Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=..., Jeremiah Grossman, 19:16
Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=..., Amit Klein (AKsecurity), 18:15
Re: (clarification) GET and POST Methods Accepted, Andrew van der Stock, 15:24
RE: myspace hack (History of XSS), Jeff Robertson, 15:24
Re: myspace hack (History of XSS), Jeremiah Grossman, 15:14
RE: (clarification) GET and POST Methods Accepted (testing guide version), Evans, Arian, 15:14
Re: myspace hack, bugtraq, 15:04
Re: myspace hack (History of XSS), Jeremiah Grossman, 15:03
Re: myspace hack (readable javascript code ), A. Fontes, 14:53
Re: myspace hack, bugtraq, 14:43
RE: myspace hack, Jeff Robertson, 14:03
Re: myspace hack, Stephen de Vries, 14:03
RE: myspace hack, Richard M. Smith, 13:53
RE: myspace hack, Reynolds, Jake, 13:43
Re: myspace hack, Tim Brown, 13:33
RE: myspace hack, Andrew Chong, 13:33
RE: myspace hack, Radoslav Vasilev, 13:23
Re: myspace hack, Stephen de Vries, 13:23
RE: myspace hack, Jeff Robertson, 13:23
RE: myspace hack, Reynolds, Jake, 12:52
Re: Web Application for project, f_kenisky, 12:52
RE: (clarification) GET and POST Methods Accepted, Amit Klein (AKsecurity), 12:02
RE: GET and POST Methods Accepted, Derick Anderson, 10:21
RE: (clarification) GET and POST Methods Accepted, Jeff Robertson, 10:01
RE: (clarification) GET and POST Methods Accepted, Thomas Schreiber, 09:51
RE: (clarification) GET and POST Methods Accepted, Amit Klein (AKsecurity), 06:40
RE: (clarification) GET and POST Methods Accepted, Joe Teff, 05:09
Re: GET and POST Methods Accepted, John GALLET, 04:59
RE: GET and POST Methods Accepted, Joe Teff, 02:38
RE: (clarification) GET and POST Methods Accepted, Evans, Arian, 00:57
Re: User verification questions, Gary Gwin, 00:47
RE: GET and POST Methods Accepted, christopher baus, 00:27

October 13, 2005

Re: myspace hack, rSYN, 15:11
XSS & SQL injection "determining false positives", mike king, 14:21
Re: User verification questions, Yousef Syed, 14:21
Re: GET and POST Methods Accepted, Eoin Keary, 14:11
RE: myspace hack, Griffiths, Ian, 12:30
Re: myspace hack, Chris Varenhorst, 12:10
Re: myspace hack, Chris Varenhorst, 12:00
RE: GET and POST Methods Accepted, Derick Anderson, 11:19
Re: Cenzic NASL plugins, Michael Boman, 11:19
Re: myspace hack, Stephen de Vries, 11:09
Re: GET and POST Methods Accepted, John GALLET, 11:09
myspace hack, Akash, 10:09
Re: GET and POST Methods Accepted, christopher baus, 08:38
Re: GET and POST Methods Accepted, Amit Klein (AKsecurity), 07:48
Re: GET and POST Methods Accepted, Eoin Keary, 07:07
Re: GET and POST Methods Accepted, Stephen de Vries, 06:47
RE: Notes from CISSP class with Dr. Eric Cole, Harley David, 06:17
Re: GET and POST Methods Accepted, Serg Belokamen, 05:37
honeypot and honeynet as IDS, Krish Mehak, 05:27
Re: GET and POST Methods Accepted, Damien Watson, 05:27
Re: GET and POST Methods Accepted, christopher baus, 01:35
Re: GET and POST Methods Accepted, Joe Teff, 01:35
GET and POST Methods Accepted, Welsh, Ed, 01:05
Re: Notes from CISSP class with Dr. Eric Cole, dreamwvr, 01:05
RE: Notes from CISSP class with Dr. Eric Cole, Mark Roxberry, 01:05
Re: mod_ibm_ssl & mod_ssl, Esteban Martinez Fayo, 01:05

October 12, 2005

Re: Notes from CISSP class with Dr. Eric Cole, kgp, 14:58
Re: Notes from CISSP class with Dr. Eric Cole, intel96, 14:48
Administrivia: CISSP thread, Andrew van der Stock, 14:28
Re: Notes from CISSP class with Dr. Eric Cole, Saqib Ali, 14:18
Re: Re: Notes from CISSP class with Dr. Eric Cole, f_kenisky, 13:37
Re: Notes from CISSP class with Dr. Eric Cole, intel96, 13:07
Re: RE: RE: Notes from CISSP class with Dr. Eric Cole, f_kenisky, 13:07
mod_ibm_ssl & mod_ssl, jipi dini, 11:16
RE: User verification questions, Derick Anderson, 10:56
RE: User verification questions, Auri Rahimzadeh, 10:46
Re: User verification questions, bryan allott, 08:55
RE: Notes from CISSP class with Dr. Eric Cole, PPowenski, 06:04
RE: RE: Notes from CISSP class with Dr. Eric Cole, Craig Wright, 05:53
Re: Web Application for project, lakewood1@copper.net, 05:53
Re: Web Application for project, Mark Ryan del Moral Talabis, 05:53
Re: RE: Notes from CISSP class with Dr. Eric Cole, f_kenisky, 02:22
Re: Re: Notes from CISSP class with Dr. Eric Cole, f_kenisky, 02:12
Web Application for project, f_kenisky, 02:12
Cenzic NASL plugins, sec stuff, 02:02
RE: User verification questions, Derick Anderson, 02:02
RE: User verification questions, Auri Rahimzadeh, 02:02

October 11, 2005

RE: User verification questions, Auri Rahimzadeh, 15:04
Re: User verification questions, John Manko, 14:44
Re: Notes from CISSP class with Dr. Eric Cole, dreamwvr, 14:24
Re: User verification questions, Mark Jeftovic, 14:24
RE: User verification questions, Derick Anderson, 14:24
RE: Notes from CISSP class with Dr. Eric Cole, Michael Krzeszkowski, 09:51
RE: Notes from CISSP class with Dr. Eric Cole, Lyal Collins, 09:01
Re: Notes from CISSP class with Dr. Eric Cole, Eoin Keary, 07:30
Re: User verification questions, Andrew van der Stock, 06:10
Re: Notes from CISSP class with Dr. Eric Cole, danew123, 05:39
RE: OWASP Top 10 Demonstration CodeLooking for pen test open source tools, Sebastien Deleersnyder, 05:39
RE: Notes from CISSP class with Dr. Eric Cole, Harley David, 05:39
FW: [SC-L] Build Security In, Sebastien Deleersnyder, 05:39
User verification questions, Derick Anderson, 05:29

October 10, 2005

RE: Good benchmark application for web security testing tools?, Mark Curphey, 10:10
RE: Notes from CISSP class with Dr. Eric Cole, Lyal Collins, 09:00
Re: OWASP Top 10 Demonstration CodeLooking for pen test open source tools, Stephen de Vries, 09:00
Re: OWASP Top 10 Demonstration CodeLooking for pen test open source tools, mike03051, 08:09
RE: Notes from CISSP class with Dr. Eric Cole, Harley David, 08:09
Announcement: The Web Application Firewall Evaluation Criteria v1, contact, 08:09

October 09, 2005

Re: CLR Stored Procedures, bryan allott, 10:00
CLR Stored Procedures, nitin patel, 07:29

October 08, 2005

Ecyware GreenBlue Inspector (freeware), Rogelio Morrell C., 13:31
RE: Good benchmark application for web security testing tools?, Evans, Arian, 00:56
RE: What are we trying to "Benchmark" anyway? Report color, length, number of red exclamation points...., Evans, Arian, 00:46

October 07, 2005

Paros 3.2.6 release - security fix, contact, 14:10
OWASP Top 10 Demonstration Code, Brokken, Allen P., 02:34
Fw: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Jeff Williams, 02:34

October 06, 2005

RE: Good benchmark application for web security testing tools?, Mark Curphey, 14:07
Re: (Quite a few!) volunteers needed for Turkish translation of OWASP Guide v2.0, Patrick Nelson, 11:36
(Quite a few!) volunteers needed for Turkish translation of OWASP Guide v2.0, burgun, 10:25
[ANNOUNCE] ModSecurity 1.9RC1 has been released, Ivan Ristic, 09:24
Re: What are we trying to "Benchmark" anyway? Report color, length, number of red exclamation points...., Eoin Keary, 07:44

October 05, 2005

RE: Notes from CISSP class with Dr. Eric Cole, Lyal Collins, 22:29
WASC Threat Classification in 4 languages, contact, 22:29
What are we trying to "Benchmark" anyway? Report color, length, number of red exclamation points...., Evans, Arian, 22:29
Re: Notes from CISSP class with Dr. Eric Cole, Saqib Ali, 13:14
RE: Good benchmark application for web security testing tools?, Ofer Shezaf, 01:39
RE: Good benchmark application for web security testing tools?, Lodin, Steven, 01:28
RE: Good benchmark application for web security testing tools?, Evans, Arian, 01:18
RE: Good benchmark application for web security testing tools?, Benjamin Livshits, 01:18
Re: Notes from CISSP class with Dr. Eric Cole, Garth Somerville, 01:18

October 04, 2005

Re: Good benchmark application for web security testing tools?, Eoin Keary, 13:32
Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity), 12:11
RE: Good benchmark application for web security testing tools?, Steven Rebello, 11:01
Good benchmark application for web security testing tools?, Peine,Holger, 10:30
OWASP Events in October, Andrew van der Stock, 08:19

October 03, 2005

Re: NTLM and man-in-the-middle proxies not working, raymond_b_jimenez, 22:45
Paros 3.2.5 release - re-post, contact, 13:20
RE: SAS 70 and software policies, Rosado, Rafael (Rafael), 00:03

October 02, 2005

Notes from CISSP class with Dr. Eric Cole, Saqib Ali, 17:41
Re: SAS 70 and software policies, jcglover, 17:41
Paros 3.2.5 release, contact, 12:18
Re: Must we authenticate login forms (using SSL?)?, Amir Herzberg, 12:18