Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [WEB SECURITY] SSL does not = a secure website

from [Ryan Barnett] Network Security [Permanent Link]
Subject: Re: [WEB SECURITY] SSL does not = a secure website
Date: Wed, 29 Mar 2006 08:51:11 -0500 
While these tangents are interesting, my original question is still
unanswered.  Does anyone have any references to news stories, etc...
about attackers sniffing user's web data and then using it?

This is not a questions of whether sniffing is a real threat, it is. 
This is a question of having verifiable proof that this is happening
in order to "convert" the unbelievers.  We have verifiable proof that
credit card data is being pilfered in other ways (keyloggers, access
to DB, etc...).  Check out the WASC Web Hacking Incident Database for
news stories -
http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Brian Eaton
Next by Date:  Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton
Previous by Thread:  RE: [WEB SECURITY] SSL does not = a secure website, Lyal Collins
Next by Thread:  Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton
Indexes:  [Date] [Thread] [Top] [All Lists]