Network Security Archives

Web Application Security (date)

[Thread Index] [Top] [All Lists]

May 23, 2006

RE: AppSec Sample Reports, Sutton, Paul A., 23:32
Re: AppSec Sample Reports, Alice Bryson, 06:52

May 22, 2006

AppSec Sample Reports, Pete Soderling, 23:39
Administrivia: Virus scanners and advance notice of slowness, Andrew van der Stock, 06:00
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)", Amit Klein (AKsecurity), 05:10

May 21, 2006

Re: MYSQL and PHP, s89df987 s9f87s987f, 22:57
Re: Non SSL Bank Login Forms, Jason Muskat, 01:28

May 20, 2006

Re: [WEB SECURITY] Execution before Authentication Vulnerabilities, Ryan Barnett, 14:53
Re: MYSQL and PHP, Σπυρίδων Νίνος, 14:53
Re: Non SSL Bank Login Forms, Don Jackson, 03:09
Re: Comparison report on web app security scanners, solutions_PHP, 03:09
Re: http/spnego connections, Saqib Ali, 03:09
RE: Non SSL Bank Login Forms, James Strassburg, 03:09
WAF learning ability limitation?, matt farey, 03:09
Re: http/spnego connections, Adam Tuliper, 03:09
Re: http/spnego connections, Adam Tuliper, 02:59

May 19, 2006

Re: Non SSL Bank Login Forms, Adam Tuliper, 13:12
http/spnego connections, Adam Tuliper, 13:02
RE: Comparison report on web app security scanners, Mark Curphey, 10:51
Fwd: Non SSL Bank Login Forms, John Kennedy, 05:49
Re: Comparison report on web app security scanners, Bogdan Calin, 05:39
Fwd: Non SSL Bank Login Forms, John Kennedy, 04:48
Re: Non SSL Bank Login Forms, Andrew van der Stock, 04:48
Re: Non SSL Bank Login Forms, Wil Clouser, 04:38
Re: Comparison report on web app security scanners, solutions_PHP, 04:18
Non SSL Bank Login Forms, wilson . amajohn, 04:18
Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Amit Klein (AKsecurity), 04:18
Re: Hacking webconferencing ?, ROB DIXON, 04:18
Re: Comparison report on web app security scanners, Zaninotti, Thiago, 04:08
MP3 of Owasp London Chapter WAF event, Dinis Cruz, 04:08
Article of Authz and Auth and upcoming IEEE on Web Security, Mark Curphey, 04:08
Hacking webconferencing ?, MARTIN Benoni, 02:16
RE: Comparison report on web app security scanners, Mark Curphey, 02:16
Re: Comparison report on web app security scanners, Dean H. Saxe, 02:16
Re: Comparison report on web app security scanners, Bogdan Calin, 02:16
RE: MYSQL and PHP, Wall, Kevin, 02:16
RE: Comparison report on web app security scanners, Bogdan Calin, 02:16
RE: Comparison report on web app security scanners, Martin O'Neal, 02:16
RE: Comparison report on web app security scanners, Mark Curphey, 02:15
Denim Group Releases Sprajax, an Open Source Security Scanner for AJAX, bugtraq, 02:15
MasterBugs Released, Gerald Quakenbush, 02:15
Re: Comparison report on web app security scanners, Eoin, 02:15
RE: Comparison report on web app security scanners, Erwin Geirnaert, 02:15
Re: Comparison report on web app security scanners, Jeremiah Grossman, 02:15
Re: MYSQL and PHP, Ed J. Aivazian, 02:14
Re: MYSQL and PHP, wilson . amajohn, 02:14
Re: MYSQL and PHP, Reid Nichol, 02:14
Re: MYSQL and PHP, bugtraq, 02:14
RE: Comparison report on web app security scanners, Ory Segal, 02:14
RE: Comparison report on web app security scanners, Holger.Peine, 02:14
RE: Comparison report on web app security scanners, Mark Curphey, 02:14
Paros 3.2.12 Release, contact, 02:14
Re: MYSQL and PHP, Robin Wood, 02:14
Re: MYSQL and PHP, Kirk . Johnson, 02:14
Re: MYSQL and PHP, Gerald Quakenbush, 02:14
Re: MYSQL and PHP, Kevin Johnson, 02:13
Final Registration Reminder: 2006 European OWASP AppSec Conference - May 30-31, 2006 near Brussels, Dave Wichers, 02:13
Re: Comparison report on web app security scanners, Bogdan Calin, 02:13
Re: MYSQL and PHP, KlientÅ aptarnavimas, 02:13
Re: MYSQL and PHP, Jason Ross, 02:13
Re: MYSQL and PHP, Gerald Quakenbush, 02:13
Re: MYSQL and PHP, r0xes, 02:13
Re: MYSQL and PHP, Todd Hendricks, 02:13
Re: MYSQL and PHP, Robin Wood, 02:13
Re: MYSQL and PHP, Mark Sanders, 02:13
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, leichter_jerrold, 02:13
MYSQL and PHP, John Madden, 02:13
RE: RE: Re; Comparison report on web app security scanners, Martin O'Neal, 02:11
Re: RE: Re; Comparison report on web app security scanners, ma . huijuan, 02:11
RE: Re; Comparison report on web app security scanners, Holger.Peine, 02:11
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 02:10
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Charles Miller, 02:10

May 13, 2006

Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 11:26
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 10:46
RE: Is logoff feature necessary, Auri Rahimzadeh, 02:23
Re: Is logoff feature necessary, Adam Tuliper, 00:12
Re; Comparison report on web app security scanners, jack.jonburg, 00:02

May 12, 2006

Re: Is logoff feature necessary, Michael Silk, 02:20
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Charles Miller, 01:50
RE: Is logoff feature necessary, Auri Rahimzadeh, 00:19
Re: Is logoff feature necessary, Michael Silk, 00:19
RE: [SC-L] By default, the Verifier is disabled on .Net and Java, Jeff Williams, 00:19
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 00:19
RE: Is logoff feature necessary, Matt Fisher, 00:19
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 00:09

May 11, 2006

Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Steve Brown, 11:32
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 09:11
RE: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Darren Webb, 07:40
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 07:40
RE: Is logoff feature necessary, Rod Divilbiss, 07:30

May 10, 2006

RE: [WEB SECURITY] cookies a fundamental threat?, Evans, Arian, 23:27
RE: Is logoff feature necessary, Auri Rahimzadeh, 23:27
Re: ual Factor/Adaptive Authentication, Saqib Ali, 23:17
RE: ual Factor/Adaptive Authentication, Casey DeBerry, 23:17
Why Novell should take on the 'type-safe platform' challenge, Dinis Cruz, 16:04
Re: [WEB SECURITY] cookies a fundamental threat?, Brian Eaton, 13:12
What is the status of AVDL, Dinis Cruz, 13:02
RE: Googling or Google Hacking Security Conference slides, Craig Wright, 13:02
RE: Is logoff feature necessary, Matt Fisher, 13:02
RE: [WEB SECURITY] What is the status of AVDL, Kurt R. Roemer, 12:52

May 09, 2006

RE: [WEB SECURITY] cookies a fundamental threat?, Evans, Arian, 21:24
Fwd: Security Events Google Calendar, Saqib Ali, 21:24
RE: Meaning of "disabling browser caching", Martin O'Neal, 09:07
Meaning of "disabling browser caching", smith . norton, 08:47
Re: Code snippets to disable browser caching, Peter Conrad, 08:37
RE: Code snippets to disable browser caching, Martin O'Neal, 08:37
Re: Googling or Google Hacking Security Conference slides, Klientu aptarnavimas, 08:37
Black Hat class: Advanced Asp.Net Exploits and Countermeasures, Dinis Cruz, 01:14
RE: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Kit Wetzler, 01:04
+_lp+_gn+ on querystrings, Robin Wood, 01:04
Re: Code snippets to disable browser caching, Tomi Tuominen, 01:04
RE: Is logoff feature necessary, Auri Rahimzadeh, 00:53
Re: Code snippets to disable browser caching, Dave Ferguson, 00:53
Re: Code snippets to disable browser caching, Jean-Jacques Halans, 00:53

May 08, 2006

Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Zaninotti, Thiago, 20:11
Re: Code snippets to disable browser caching, s89df987 s9f87s987f, 10:45
Re: Code snippets to disable browser caching, s89df987 s9f87s987f, 10:45
Re: Normal Horde Probes and Strange Ones, Paul Laudanski, 08:54
Code snippets to disable browser caching, smith . norton, 08:34

May 07, 2006

Normal Horde Probes and Strange Ones, Mark Ryan del Moral Talabis, 21:50

May 06, 2006

Re: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dean H. Saxe, 01:11
viral phishing, dpw, 01:11
Re: Re: yahoo mail login security, Darren Bounds, 01:11
Re: Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 01:11

May 05, 2006

Re: Re: yahoo mail login security, Prakash Kailasa, 11:13
Fwd: SF new column announcement: Innovative ways to fool people, Andrew van der Stock, 10:53
Comparison report on web app security scanners, Holger.Peine, 10:13
Re: ual Factor/Adaptive Authentication, Saqib Ali, 10:13
Re: Re: yahoo mail login security, Darren Bounds, 00:19

May 04, 2006

Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 23:08
Re: ual Factor/Adaptive Authentication, Saqib Ali, 23:08
Re: dictionary of forum style usernames, Robin Wood, 13:13
Re: [WEB SECURITY] Java -noverify PoC, Jim Halfpenny, 12:43
Re: dictionary of forum style usernames, Robin Wood, 11:42
RE: dictionary of forum style usernames, Griffiths, Ian, 11:32
RE: dictionary of forum style usernames, Griffiths, Ian, 11:22
RE: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Patrick Wolf, 10:21
Re: WAF functionality ala OWASP London Meeting, Jason, 10:21
Re: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 10:21
Java -noverify PoC, Dinis Cruz, 10:21
Re: [WEB SECURITY] Java -noverify PoC, Stephen de Vries, 10:11
Is logoff feature necessary, intel96, 10:11
ual Factor/Adaptive Authentication, Casey DeBerry, 10:11
dictionary of forum style usernames, Robin Wood, 10:11

May 03, 2006

Re: WAF functionality ala OWASP London Meeting, Michael Silk, 23:36
RE: WAF functionality ala OWASP London Meeting, Omar Salvador Alcalá Ruiz, 23:16
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 23:06
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 22:46
WAF functionality ala OWASP London Meeting, Eoin, 22:36
RE: [WEB SECURITY] cookies a fundamental threat?, Tom Stripling, 16:12
Re: yahoo mail login security, Sels, Roger, 14:51
RE: Is logoff feature necessary, Auri Rahimzadeh, 14:41
RE: [WEB SECURITY] cookies a fundamental threat?, Martin O'Neal, 14:31
Re: yahoo mail login security, Ace123, 14:31
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Peter Watkins, 14:21
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Pilon Mntry, 13:10
Re: Is logoff feature necessary, Andrew van der Stock, 13:10
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Achim Hoffmann, 13:10
OWASP May chapter meetings, Andrew van der Stock, 13:00
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Brian Eaton, 12:30
RE: Is logoff feature necessary, Keith Duffin, 12:30
Administrivia: Is logoff feature necessary, Andrew van der Stock, 12:20
RE: Is logoff feature necessary, Currey, Mick A, 12:20
Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 12:10
Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 12:10
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Brian Eaton, 12:10
Re: By default, the Verifier is disabled on .Net and Java, Roman H., 12:00
RE: Is logoff feature necessary, Auri Rahimzadeh, 12:00
Re: Is logoff feature necessary, Alexis FitzGerald, 12:00
By default, the Verifier is disabled on .Net and Java, Dinis Cruz, 10:39
Re: Is logoff feature necessary, Alexander Bolante, 10:39
Re: Is logoff feature necessary, Robert Hajime Lanning, 10:39
RE: [WEB SECURITY] cookies a fundamental threat?, Martin O'Neal, 10:29
Re: Re: yahoo mail login security, Damon Leung, 10:19
Re: [WEB SECURITY] cookies a fundamental threat?, Brian Eaton, 10:19
Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 10:19
RE: Is logoff feature necessary, M. Burnett, 10:09
RE: [WEB SECURITY] cookies a fundamental threat?, Tom Stripling, 10:09
Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 10:09
RE: Is logoff feature necessary, Sarbjit Singh Gill, 09:59
Re: yahoo mail login security, Sels, Roger, 09:58
RE: Is logoff feature necessary, wa0qmj, 09:58
Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 09:58
RE: Is logoff feature necessary, Rod Divilbiss, 09:58
Re: Is logoff feature necessary, Dave Ferguson, 09:48
RE: Is logoff feature necessary, Popowycz, Alex, 09:48
RE: Is logoff feature necessary, Jeff Robertson, 09:48
Re: [WEB SECURITY] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 09:38
Re: Is logoff feature necessary, Michael Silk, 09:38
RE: Regeneration of Session Tokens (from the OWASP Guide), Pilon Mntry, 09:38
RE: Is logoff feature necessary, King, Stuart (REHQ-LON), 09:38
RE: Is logoff feature necessary, Steven Rebello, 09:38
RE: Is logoff feature necessary, André Gil, 09:28
RE: Is logoff feature necessary, wa0qmj, 09:28
RE: Is logoff feature necessary, Deepu Thomas Philip, 09:28
Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Achim Hoffmann, 09:18
Re: Is logoff feature necessary, ViersOnline, 09:18
Re: Is logoff feature necessary, Luciano Miguel Ferreira Rocha, 09:18
Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 09:18
Re: Is logoff feature necessary, Peter Conrad, 09:18
RE: Regeneration of Session Tokens (from the OWASP Guide), M. Burnett, 09:08
Re: Is logoff feature necessary, Daniel Persson, 09:08
Re: Is logoff feature necessary, Vicente Aguilera, 09:08

May 02, 2006

Is logoff feature necessary, test . future, 08:16
Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 08:06
Re: yahoo mail login security, Ace123, 05:35
RE: yahoo mail login security, Matt Fisher, 02:44
Re: Vista and the Type Safe missed oportunity (was Re: [SC-L] New security website: darkreading ), George Capehart, 02:24
Re: [WEB SECURITY] cookies a fundamental threat?, Brian Eaton, 02:24
Re: OT: Inserting Ads without breaking the SSL, elawford, 02:04
Re: Poll: Emerging Threats, Jon R. Kibler, 01:33
Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 00:53
Regeneration of Session Tokens (from the OWASP Guide), Pilon Mntry, 00:43
Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Achim Hoffmann, 00:43
RE: Web Site Certification, ROB DIXON, 00:43
Re: yahoo mail login security, ROB DIXON, 00:43
Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 00:33
Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 00:33

May 01, 2006

Re: yahoo mail login security, Andrew van der Stock, 06:43
Googling or Google Hacking Security Conference slides, newslist@security-briefings.com, 06:43
yahoo mail login security, Ace123, 06:23
Re: cookies a fundamental threat?, chris m, 06:13
Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 06:13
Re: [WEB SECURITY] Re: cookies a fundamental threat (or risk)?, Pilon Mntry, 06:13