Network Security Archives

Web Application Security (date)

[Thread Index] [Top] [All Lists]

March 31, 2006

Black Hat Call for Papers and Registration now open, Jeff Moss, 23:16
Re: On sandboxes, and why you should care, Stephen de Vries, 23:05
Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IEvulnerability, Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Joe Ciechanowski, 23:05
RE: SSL Ciphers, Dimitris Petropoulos, 23:05
Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Joe Ciechanowski, 12:59

March 30, 2006

SSL Ciphers, pagvac, 20:17
On sandboxes, and why you should care, Dinis Cruz, 10:02
RE: [Full-disclosure] Java integer overflows (was: a really long topic), Tim Hollebeek, 10:02
Re: On sandboxes, and why I ... don't care., michaelslists, 10:02

March 29, 2006

Re: [Full-disclosure] Java integer overflows (was: a really long topic), KF (lists), 22:36
RE: [Full-disclosure] Java integer overflows (was: a really long topic), Tim Hollebeek, 22:06
[Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Gunnar Peterson, 21:56
SF new interview announcement: Open source security testing methodology, Andrew van der Stock, 21:05
Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton, 20:55
Re: [WEB SECURITY] SSL does not = a secure website, Ryan Barnett, 20:55
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Brian Eaton, 20:45
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Brian Eaton, 20:45
OSSTMM Security Analyst Training Live Stream on the Web, Pete Herzog, 20:45
Re: [WEB SECURITY] Online Certificate of Authority, Geoffrey, 20:45
Re: [WEB SECURITY] SSL does not = a secure website, Gervase Markham, 20:35
Re: [WEB SECURITY] SSL does not = a secure website, Evert Collab, 20:35
RE: [WEB SECURITY] Online Certificate of Authority, Andre Maisonneuve, 20:35
Static vs Dynamic Analysis (was RE: AJAX and Web application scanners), James Walden, 20:25
Re: [Full-disclosure] Java integer overflows (was: a really long topic), Simon Roberts, 17:13
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 13:57
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 13:37
Re: AJAX and Web application scanners, Andrew van der Stock, 11:56
On sandboxes, and why I ... don't care., Andrew van der Stock, 11:46
RE: AJAX and Web application scanners, Jeff Robertson, 11:36
RE: Writing to a local file without a warning, Damhuis Anton, 11:26
Re: Writing to a local file without a warning, Todd Hendricks, 11:26
Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Stephen de Vries, 11:26
RE: [WEB SECURITY] SSL does not = a secure website, Lyal Collins, 11:26
RE: [WEB SECURITY] SSL does not = a secure website, PPowenski, 11:16
Re: Writing to a local file without a warning, Frank Heyne, 11:16
[Full-disclosure] Re: Java integer overflows (was: a really long topic), Eoin, 08:45
Re: [Full-disclosure] Re: [Owasp-dotnet] Re: 4 Questions: Latest IEvulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code, michaelslists, 02:52
Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic), michaelslists, 02:42
[Full-disclosure] Re: Java integer overflows (was: a really longtopic), michaelslists, 02:42
Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic), Eliah Kagan, 02:32
[Full-disclosure] Re: [Owasp-dotnet] Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code, michaelslists, 02:32
Re: 4 Questions: Latest IE vulnerability,Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code, Jeff Williams, 02:21
Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic), michaelslists, 02:21
Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic), Eliah Kagan, 02:21
Java integer overflows (was: a really long topic), Andrew van der Stock, 02:11
[Full-disclosure] Re: Java integer overflows (was: a really long topic), michaelslists, 02:11
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, michaelslists, 02:11
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Andrew van der Stock, 02:01
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, michaelslists, 01:51
Re: [WEB SECURITY] SSL does not = a secure website, michaelslists, 01:51
[Full-disclosure] Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 01:51
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Andrew van der Stock, 01:11
Re: [WEB SECURITY] SSL does not = a secure website, Andrew van der Stock, 01:01
Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 00:51
RE: [WEB SECURITY] SSL does not = a secure website, Jeremy Bellwood, 00:51
Re: [WEB SECURITY] SSL does not = a secure website, michaelslists, 00:51
RE: [WEB SECURITY] SSL does not = a secure website, James Strassburg, 00:30
Re: [WEB SECURITY] SSL does not = a secure website, michaelslists, 00:30
Request for licence to help in Owasp's SiteGenerator Development, Dinis Cruz, 00:30
Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton, 00:20
Owasp SiteGenerator v0.70 (public beta release), Dinis Cruz, 00:20
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, michaelslists, 00:10
[Full-disclosure] Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 00:10
Re: [WEB SECURITY] SSL does not = a secure website, Bill Pennington, 00:10
RE: [WEB SECURITY] SSL does not = a secure website, Mark Mcdonald, 00:00
Re: RE: AJAX and Web application scanners, rajeshdilli, 00:00
RE: Writing to a local file without a warning, Griffiths, Ian, 00:00
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefoxvs IE security, User vs Admin risk profile, and browsers coded in 100%Managed Verifiable code, Pavel Kankovsky, 00:00

March 28, 2006

RE: AJAX and Web application scanners, Evans, Arian, 23:50
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Pavel Kankovsky, 23:09
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Pavel Kankovsky, 23:09
[Full-disclosure] RE: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Eric Swanson, 21:38
[Full-disclosure] Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 21:38
[Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 21:38
Writing to a local file without a warning, Frank Heyne, 17:06
Re: [WEB SECURITY] SSL does not = a secure website, Nick Owen, 14:14
SSL does not = secure web site, thomas.jones, 14:14
RE: AJAX and Web application scanners, thomas.jones, 14:04
Re: [WEB SECURITY] SSL does not = a secure website, Richard St John, 14:04
Re: AJAX and Web application scanners, Rogan Dawes, 13:24
Administrivia: Friday 31st March - Limited moderation, and cross-posting, Andrew van der Stock, 07:51
RE: AJAX and Web application scanners, Tate Hansen, 07:11
RE: [WEB SECURITY] SSL does not = a secure website, Sebastien Deleersnyder, 07:01

March 27, 2006

March 26, 2006

[Full-disclosure] Buffer OverFlow in ILASM and ILDASM, Dinis Cruz, 23:53
Re: Offtopic: Guidelines for Safe Internet brownsing for minors, Kris Kahn, 01:25
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Valdis . Kletnieks, 00:55
Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 00:34

March 25, 2006

March 24, 2006

Offtopic: Guidelines for Safe Internet brownsing for minors, Saqib Ali, 22:42
Re: [WEB SECURITY] Free tool to analyse and post http request, yeesan wong, 10:55
Re: Server Identification, Kevin Johnson, 10:55

March 23, 2006

RE: [WEB SECURITY] Server Identification, Matt Schmotzer, 20:28
RE: Server Identification, Tommy Baker, 20:18
common practices of cleaning user input, Anthony Ettinger, 20:18
RE: [WEB SECURITY] Server Identification, Deb Hale, 20:18
Re: [WEB SECURITY] Server Identification, Bryan Murphy, 20:08
Server Identification, Andres Molinetti, 20:08
Re: [WEB SECURITY] Free tool to analyse and post http request, Jamie Lawrence, 09:00

March 22, 2006

RE: [WEB SECURITY] How to Create Secure Web Applications withStruts, Andre Maisonneuve, 21:34
Web attacks, phpBB mass-hack and the PHP Honeypot Project, Mark Ryan del Moral Talabis, 21:24
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts, JAMES N. BARBIERI, 21:14
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts, PPowenski, 21:04
w3wp remote DoS, Debasis Mohanty, 21:04
Re: RE: RE: Tools comparison and evaluation question (AppScan), david_allouch, 20:54
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Pilon Mntry, 20:54

March 21, 2006

Reminder: 2006 European OWASP AppSec Conference - May 30-31, 2006 near Brussels, Dave Wichers, 19:52
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Stephen de Vries, 19:42
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Pilon Mntry, 19:41
ERRATA: Re: [WEB SECURITY] XST, Amit Klein (AKsecurity), 19:41
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts, Andre Maisonneuve, 19:41
Re: [WEB SECURITY] XST, Amit Klein (AKsecurity), 19:31
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, George Capehart, 11:35
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Pilon Mntry, 11:35
XST, Frederic Charpentier, 11:25

March 20, 2006

Re: Redirection obfuscation in FF and NS, Saqib Ali, 23:40
Re: Redirection obfuscation in FF and NS, RSnake, 23:40
Re: Redirection obfuscation in FF and NS, Saqib Ali, 23:40
Interesting University Security Weakness, Schmidt, Albert E, 22:20
Redirection obfuscation in FF and NS, RSnake, 21:49
Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Stephen de Vries, 10:53

March 19, 2006

How to Create Secure Web Applications with Struts, bugtraq, 22:18

March 17, 2006

RE: HTTP proxy/redirector to a unique virtual host ...., Jeff Gercken, 22:38
Call for Participation: HOPE#6, July 21-23, Dominick LaTrappe, 22:28
Marking Session IDs as Secure in IIS 6.0, steven_debough, 00:51
Re: HTTP proxy/redirector to a unique virtual host ...., Thomas Chiverton, 00:41

March 16, 2006

SQL Injecting RFID Readers, bugtraq, 07:38
Re: HTTP proxy/redirector to a unique virtual host ...., John . T . Burkhart, 07:28
Re: HTTP proxy/redirector to a unique virtual host ...., Luciano Miguel Ferreira Rocha, 07:28
RE: HTTP proxy/redirector to a unique virtual host ...., Alan Murphy, 07:28
Re: HTTP proxy/redirector to a unique virtual host ...., davidribyrne, 07:28

March 15, 2006

HTTP proxy/redirector to a unique virtual host ...., Alberto Paris, 22:33
Re: A study in Application Based Intrusion Detection, kp, 16:22
Re: A study in Application Based Intrusion Detection, dp, 12:20
A study in Application Based Intrusion Detection, kp, 10:39

March 14, 2006

Web Application Security Contest - Vulnerabilities, sthalkidis, 22:32

March 12, 2006

RE: FW: Publication of Vulnerabilities in Vendor Code, Sasha Romanosky, 04:54

March 11, 2006

Re: get network user name, Josh, 09:26
Re: FW: Publication of Vulnerabilities in Vendor Code, leighm, 00:53

March 10, 2006

XSS testing & general webapp testing on my hosted apps, arian.evans, 22:22
Re: FW: Publication of Vulnerabilities in Vendor Code, Kyle Maxwell, 22:12
Re: FW: Publication of Vulnerabilities in Vendor Code, D.Snezhkov, 21:22
Re: get network user name, John Bond, 20:51
FW: Publication of Vulnerabilities in Vendor Code, Brokken, Allen P., 20:41
Re: get network user name, Josh, 02:31
RE: get network user name, Auri Rahimzadeh, 02:31
Re: get network user name, Adam Tuliper, 02:31

March 09, 2006

Re: get network user name, Josh, 22:50
get network user name, John Bond, 22:09
Purple Paper: Exegesis Of Virtual Hosts Hacking, pagvac, 21:49

March 08, 2006

CanSecWest/core06 Vancouver April 3-7, Dragos Ruiu, 07:50

March 07, 2006

SF new column annoucement: The value of vulnerabilities, Andrew van der Stock, 20:14

March 06, 2006

Announcement: WASC Threat Classification in German, contact, 12:01
OWASP AppSec Europe 2006 Agenda Posted, Dave Wichers, 00:57
SyScan'06 Call For Papers, organiser@syscan.org, 00:57

March 05, 2006

[Full-disclosure] HITBSecConf2006 - Malaysia: Call for Papers, Praburaajan, 02:58

March 04, 2006

U.S. Objects to Snort Purchase by Israel-Based Check Point, bugtraq, 00:58
Crimeware coverage by Scientific American, Saqib Ali, 00:48

March 02, 2006

Consolidated OWASP Meetings for March, Andrew van der Stock, 09:57

March 01, 2006

Fwd: SF new column announcement: The big DRM mistake, Andrew van der Stock, 22:52
Update on OWASP London Next Week, Mark Curphey, 14:58
OWASP chapter meeting Dublin 20th March., Eoin, 10:26
Technical Note by Amit Klein: "Path Insecurity", Amit Klein (AKsecurity), 10:16