Web Application Security (thread)

Black Hat Call for Papers and Registration now open, Jeff Moss, 2006/03/31
SSL Ciphers, pagvac, 2006/03/30
- RE: SSL Ciphers, Dimitris Petropoulos, 2006/03/31
On sandboxes, and why you should care, Dinis Cruz, 2006/03/30
- Re: On sandboxes, and why you should care, Stephen de Vries, 2006/03/31
SF new interview announcement: Open source security testing methodology, Andrew van der Stock, 2006/03/29
OSSTMM Security Analyst Training Live Stream on the Web, Pete Herzog, 2006/03/29
RE: [WEB SECURITY] Online Certificate of Authority, Andre Maisonneuve, 2006/03/29
- Re: [WEB SECURITY] Online Certificate of Authority, Geoffrey, 2006/03/29
Static vs Dynamic Analysis (was RE: AJAX and Web application scanners), James Walden, 2006/03/29
On sandboxes, and why I ... don't care., Andrew van der Stock, 2006/03/29
- Re: On sandboxes, and why I ... don't care., michaelslists, 2006/03/30
Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Stephen de Vries, 2006/03/29
Re: 4 Questions: Latest IE vulnerability,Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code, Jeff Williams, 2006/03/29
- [Full-disclosure] Re: [Owasp-dotnet] Re: 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code, michaelslists, 2006/03/29
- Message not available
  - Re: [Full-disclosure] Re: [Owasp-dotnet] Re: 4 Questions: Latest IEvulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in100% Managed Verifiable code, michaelslists, 2006/03/29
Request for licence to help in Owasp's SiteGenerator Development, Dinis Cruz, 2006/03/29
Owasp SiteGenerator v0.70 (public beta release), Dinis Cruz, 2006/03/29
Writing to a local file without a warning, Frank Heyne, 2006/03/28
- RE: Writing to a local file without a warning, Griffiths, Ian, 2006/03/29
  - Re: Writing to a local file without a warning, Todd Hendricks, 2006/03/29
    - Re: Writing to a local file without a warning, Frank Heyne, 2006/03/29
- RE: Writing to a local file without a warning, Damhuis Anton, 2006/03/29
SSL does not = secure web site, thomas.jones, 2006/03/28
Administrivia: Friday 31st March - Limited moderation, and cross-posting, Andrew van der Stock, 2006/03/28
RE: [WEB SECURITY] SSL does not = a secure website, Sebastien Deleersnyder, 2006/03/28
- Re: [WEB SECURITY] SSL does not = a secure website, Richard St John, 2006/03/28
- Re: [WEB SECURITY] SSL does not = a secure website, Nick Owen, 2006/03/28
- RE: [WEB SECURITY] SSL does not = a secure website, Mark Mcdonald, 2006/03/29
  - Re: [WEB SECURITY] SSL does not = a secure website, michaelslists, 2006/03/29
  - Re: [WEB SECURITY] SSL does not = a secure website, Andrew van der Stock, 2006/03/29
    - RE: [WEB SECURITY] SSL does not = a secure website, Lyal Collins, 2006/03/29
    - Re: [WEB SECURITY] SSL does not = a secure website, Ryan Barnett, 2006/03/29
    - Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton, 2006/03/29
- Re: [WEB SECURITY] SSL does not = a secure website, Brian Eaton, 2006/03/29
  - Re: [WEB SECURITY] SSL does not = a secure website, michaelslists, 2006/03/29
- RE: [WEB SECURITY] SSL does not = a secure website, James Strassburg, 2006/03/29
  - Re: [WEB SECURITY] SSL does not = a secure website, Bill Pennington, 2006/03/29
  - Re: [WEB SECURITY] SSL does not = a secure website, Gervase Markham, 2006/03/29
    - Re: [WEB SECURITY] SSL does not = a secure website, Evert Collab, 2006/03/29
- RE: [WEB SECURITY] SSL does not = a secure website, Jeremy Bellwood, 2006/03/29
  - Re: [WEB SECURITY] SSL does not = a secure website, michaelslists, 2006/03/29
- RE: [WEB SECURITY] SSL does not = a secure website, PPowenski, 2006/03/29
AJAX and Web application scanners, rajeshdilli, 2006/03/27
- RE: AJAX and Web application scanners, Tate Hansen, 2006/03/28
- Re: AJAX and Web application scanners, Rogan Dawes, 2006/03/28
- RE: AJAX and Web application scanners, thomas.jones, 2006/03/28
- RE: AJAX and Web application scanners, Evans, Arian, 2006/03/28
- Re: RE: AJAX and Web application scanners, rajeshdilli, 2006/03/29
- RE: AJAX and Web application scanners, Jeff Robertson, 2006/03/29
  - Re: AJAX and Web application scanners, Andrew van der Stock, 2006/03/29
Announcement: The Web Hacking Incidents Database, contact, 2006/03/27
[Full-disclosure] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Wall, Kevin, 2006/03/25
- [Full-disclosure] Buffer OverFlow in ILASM and ILDASM, Dinis Cruz, 2006/03/26
- [Full-disclosure] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 2006/03/27
  - [Full-disclosure] RE: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, Uservs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Jeff Williams, 2006/03/27
[Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 2006/03/25
- [Full-disclosure] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Jeff Williams, 2006/03/25
  - [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Dinis Cruz, 2006/03/27
    - Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Joe Ciechanowski, 2006/03/31
    - Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IEvulnerability, Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Joe Ciechanowski, 2006/03/31
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/26
  - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Pilon Mntry, 2006/03/27
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/27
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Pavel Kankovsky, 2006/03/27
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/27
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Pavel Kankovsky, 2006/03/28
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/29
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/29
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefoxvs IE security, User vs Admin risk profile, and browsers coded in 100%Managed Verifiable code, Pavel Kankovsky, 2006/03/29
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Valdis . Kletnieks, 2006/03/26
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Pavel Kankovsky, 2006/03/27
  - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/27
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Pavel Kankovsky, 2006/03/28
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, michaelslists, 2006/03/29
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Andrew van der Stock, 2006/03/29
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, michaelslists, 2006/03/29
    - Java integer overflows (was: a really long topic), Andrew van der Stock, 2006/03/29
    - [Full-disclosure] Re: Java integer overflows (was: a really long topic), michaelslists, 2006/03/29
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic), Eliah Kagan, 2006/03/29
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really long topic), michaelslists, 2006/03/29
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic), michaelslists, 2006/03/29
    - Re: [Full-disclosure] Re: Java integer overflows (was: a really longtopic), Eliah Kagan, 2006/03/29
    - [Full-disclosure] Re: Java integer overflows (was: a really longtopic), michaelslists, 2006/03/29
    - [Full-disclosure] Re: Java integer overflows (was: a really long topic), Eoin, 2006/03/29
    - Re: [Full-disclosure] Java integer overflows (was: a really long topic), Simon Roberts, 2006/03/29
    - RE: [Full-disclosure] Java integer overflows (was: a really long topic), Tim Hollebeek, 2006/03/29
    - Re: [Full-disclosure] Java integer overflows (was: a really long topic), KF (lists), 2006/03/29
    - RE: [Full-disclosure] Java integer overflows (was: a really long topic), Tim Hollebeek, 2006/03/30
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, michaelslists, 2006/03/29
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Andrew van der Stock, 2006/03/29
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/29
    - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability,Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code, Brian Eaton, 2006/03/29
Offtopic: Guidelines for Safe Internet brownsing for minors, Saqib Ali, 2006/03/24
- Re: Offtopic: Guidelines for Safe Internet brownsing for minors, Kris Kahn, 2006/03/26
RE: [WEB SECURITY] Server Identification, Matt Schmotzer, 2006/03/23
common practices of cleaning user input, Anthony Ettinger, 2006/03/23
Server Identification, Andres Molinetti, 2006/03/23
- Re: [WEB SECURITY] Server Identification, Bryan Murphy, 2006/03/23
- RE: [WEB SECURITY] Server Identification, Deb Hale, 2006/03/23
- Re: Server Identification, Kevin Johnson, 2006/03/24
- RE: Server Identification, Tommy Baker, 2006/03/23
RE: [WEB SECURITY] How to Create Secure Web Applications withStruts, Andre Maisonneuve, 2006/03/22
Web attacks, phpBB mass-hack and the PHP Honeypot Project, Mark Ryan del Moral Talabis, 2006/03/22
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts, JAMES N. BARBIERI, 2006/03/22
w3wp remote DoS, Debasis Mohanty, 2006/03/22
Re: RE: RE: Tools comparison and evaluation question (AppScan), david_allouch, 2006/03/22
Reminder: 2006 European OWASP AppSec Conference - May 30-31, 2006 near Brussels, Dave Wichers, 2006/03/21
ERRATA: Re: [WEB SECURITY] XST, Amit Klein (AKsecurity), 2006/03/21
RE: [WEB SECURITY] How to Create Secure Web Applications with Struts, Andre Maisonneuve, 2006/03/21
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Pilon Mntry, 2006/03/21
  - Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Stephen de Vries, 2006/03/21
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Pilon Mntry, 2006/03/22
- RE: [WEB SECURITY] How to Create Secure Web Applications with Struts, PPowenski, 2006/03/22
Interesting University Security Weakness, Schmidt, Albert E, 2006/03/20
- Message not available
  - Re: [WEB SECURITY] Free tool to analyse and post http request, Jamie Lawrence, 2006/03/23
    - Re: [WEB SECURITY] Free tool to analyse and post http request, yeesan wong, 2006/03/24
Redirection obfuscation in FF and NS, RSnake, 2006/03/20
- Re: Redirection obfuscation in FF and NS, Saqib Ali, 2006/03/20
  - Re: Redirection obfuscation in FF and NS, RSnake, 2006/03/20
    - Re: Redirection obfuscation in FF and NS, Saqib Ali, 2006/03/20
How to Create Secure Web Applications with Struts, bugtraq, 2006/03/19
- Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Stephen de Vries, 2006/03/20
  - Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, Pilon Mntry, 2006/03/21
    - A Modular Approach to Data Validation in Web Applications, Stephen de Vries, 2006/03/27
  - Re: [WEB SECURITY] How to Create Secure Web Applications with Struts, George Capehart, 2006/03/21
    - XST, Frederic Charpentier, 2006/03/21
    - Re: [WEB SECURITY] XST, Amit Klein (AKsecurity), 2006/03/21
Call for Participation: HOPE#6, July 21-23, Dominick LaTrappe, 2006/03/17
Marking Session IDs as Secure in IIS 6.0, steven_debough, 2006/03/17
SQL Injecting RFID Readers, bugtraq, 2006/03/16
HTTP proxy/redirector to a unique virtual host ...., Alberto Paris, 2006/03/15
- Re: HTTP proxy/redirector to a unique virtual host ...., Luciano Miguel Ferreira Rocha, 2006/03/16
- Re: HTTP proxy/redirector to a unique virtual host ...., davidribyrne, 2006/03/16
- RE: HTTP proxy/redirector to a unique virtual host ...., Alan Murphy, 2006/03/16
  - Re: HTTP proxy/redirector to a unique virtual host ...., Thomas Chiverton, 2006/03/17
- Re: HTTP proxy/redirector to a unique virtual host ...., John . T . Burkhart, 2006/03/16
- RE: HTTP proxy/redirector to a unique virtual host ...., Jeff Gercken, 2006/03/17
A study in Application Based Intrusion Detection, kp, 2006/03/15
- Re: A study in Application Based Intrusion Detection, dp, 2006/03/15
- Re: A study in Application Based Intrusion Detection, kp, 2006/03/15
Web Application Security Contest - Vulnerabilities, sthalkidis, 2006/03/14
XSS testing & general webapp testing on my hosted apps, arian.evans, 2006/03/10
FW: Publication of Vulnerabilities in Vendor Code, Brokken, Allen P., 2006/03/10
- Re: FW: Publication of Vulnerabilities in Vendor Code, D.Snezhkov, 2006/03/10
  - RE: FW: Publication of Vulnerabilities in Vendor Code, Sasha Romanosky, 2006/03/12
- Re: FW: Publication of Vulnerabilities in Vendor Code, Kyle Maxwell, 2006/03/10
- Re: FW: Publication of Vulnerabilities in Vendor Code, leighm, 2006/03/11
get network user name, John Bond, 2006/03/09
- Re: get network user name, Josh, 2006/03/09
  - Re: get network user name, Adam Tuliper, 2006/03/10
    - Re: get network user name, Josh, 2006/03/10
  - RE: get network user name, Auri Rahimzadeh, 2006/03/10
- Re: get network user name, John Bond, 2006/03/10
  - Re: get network user name, Josh, 2006/03/11
Purple Paper: Exegesis Of Virtual Hosts Hacking, pagvac, 2006/03/09
CanSecWest/core06 Vancouver April 3-7, Dragos Ruiu, 2006/03/08
SF new column annoucement: The value of vulnerabilities, Andrew van der Stock, 2006/03/07
Announcement: WASC Threat Classification in German, contact, 2006/03/06
SyScan'06 Call For Papers, organiser@syscan.org, 2006/03/06
[Full-disclosure] HITBSecConf2006 - Malaysia: Call for Papers, Praburaajan, 2006/03/05
U.S. Objects to Snort Purchase by Israel-Based Check Point, bugtraq, 2006/03/04
Crimeware coverage by Scientific American, Saqib Ali, 2006/03/04
- OWASP AppSec Europe 2006 Agenda Posted, Dave Wichers, 2006/03/06
Consolidated OWASP Meetings for March, Andrew van der Stock, 2006/03/02
Fwd: SF new column announcement: The big DRM mistake, Andrew van der Stock, 2006/03/01
Update on OWASP London Next Week, Mark Curphey, 2006/03/01
OWASP chapter meeting Dublin 20th March., Eoin, 2006/03/01
Technical Note by Amit Klein: "Path Insecurity", Amit Klein (AKsecurity), 2006/03/01