Web Application Security (thread)

AppSec Sample Reports, Pete Soderling, 2006/05/22
- Re: AppSec Sample Reports, Alice Bryson, 2006/05/23
- RE: AppSec Sample Reports, Sutton, Paul A., 2006/05/23
Administrivia: Virus scanners and advance notice of slowness, Andrew van der Stock, 2006/05/22
Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)", Amit Klein (AKsecurity), 2006/05/22
Re: [WEB SECURITY] Execution before Authentication Vulnerabilities, Ryan Barnett, 2006/05/20
Non SSL Bank Login Forms, wilson . amajohn, 2006/05/19
- Re: Non SSL Bank Login Forms, Wil Clouser, 2006/05/19
  - Message not available
    - Fwd: Non SSL Bank Login Forms, John Kennedy, 2006/05/19
  - Message not available
    - Fwd: Non SSL Bank Login Forms, John Kennedy, 2006/05/19
  - Re: Non SSL Bank Login Forms, Adam Tuliper, 2006/05/19
    - http/spnego connections, Adam Tuliper, 2006/05/19
    - Re: http/spnego connections, Saqib Ali, 2006/05/20
    - Re: http/spnego connections, Adam Tuliper, 2006/05/20
    - Re: http/spnego connections, Adam Tuliper, 2006/05/20
    - Re: Non SSL Bank Login Forms, Don Jackson, 2006/05/20
- Re: Non SSL Bank Login Forms, Andrew van der Stock, 2006/05/19
- Re: Non SSL Bank Login Forms, Jason Muskat, 2006/05/21
- RE: Non SSL Bank Login Forms, James Strassburg, 2006/05/20
MP3 of Owasp London Chapter WAF event, Dinis Cruz, 2006/05/19
Article of Authz and Auth and upcoming IEEE on Web Security, Mark Curphey, 2006/05/19
Hacking webconferencing ?, MARTIN Benoni, 2006/05/19
- Re: Hacking webconferencing ?, ROB DIXON, 2006/05/19
Denim Group Releases Sprajax, an Open Source Security Scanner for AJAX, bugtraq, 2006/05/19
MasterBugs Released, Gerald Quakenbush, 2006/05/19
Paros 3.2.12 Release, contact, 2006/05/19
Final Registration Reminder: 2006 European OWASP AppSec Conference - May 30-31, 2006 near Brussels, Dave Wichers, 2006/05/19
MYSQL and PHP, John Madden, 2006/05/19
- Re: MYSQL and PHP, Mark Sanders, 2006/05/19
- Re: MYSQL and PHP, Robin Wood, 2006/05/19
- Re: MYSQL and PHP, Todd Hendricks, 2006/05/19
- Re: MYSQL and PHP, r0xes, 2006/05/19
- Re: MYSQL and PHP, Gerald Quakenbush, 2006/05/19
  - Re: MYSQL and PHP, Robin Wood, 2006/05/19
    - Re: MYSQL and PHP, Gerald Quakenbush, 2006/05/19
  - Re: MYSQL and PHP, bugtraq, 2006/05/19
    - Re: MYSQL and PHP, Reid Nichol, 2006/05/19
- Re: MYSQL and PHP, Jason Ross, 2006/05/19
- Re: MYSQL and PHP, KlientÅ aptarnavimas, 2006/05/19
- Re: MYSQL and PHP, Kevin Johnson, 2006/05/19
- Re: MYSQL and PHP, Kirk . Johnson, 2006/05/19
- Re: MYSQL and PHP, Ed J. Aivazian, 2006/05/19
- Re: MYSQL and PHP, wilson . amajohn, 2006/05/19
- RE: MYSQL and PHP, Wall, Kevin, 2006/05/19
- Re: MYSQL and PHP, Σπυρίδων Νίνος, 2006/05/20
- Re: MYSQL and PHP, s89df987 s9f87s987f, 2006/05/21
Re; Comparison report on web app security scanners, jack.jonburg, 2006/05/13
- RE: Re; Comparison report on web app security scanners, Holger.Peine, 2006/05/19
- Re: RE: Re; Comparison report on web app security scanners, ma . huijuan, 2006/05/19
- RE: RE: Re; Comparison report on web app security scanners, Martin O'Neal, 2006/05/19
Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 2006/05/11
- Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 2006/05/11
  - Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Steve Brown, 2006/05/11
    - Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 2006/05/12
  - Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Charles Miller, 2006/05/12
    - Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 2006/05/13
    - Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 2006/05/13
    - Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Charles Miller, 2006/05/19
- RE: [SC-L] By default, the Verifier is disabled on .Net and Java, Jeff Williams, 2006/05/12
  - Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 2006/05/12
- Re: [SC-L] By default, the Verifier is disabled on .Net and Java, Michael Silk, 2006/05/19
- Re: [SC-L] By default, the Verifier is disabled on .Net and Java, leichter_jerrold, 2006/05/19
Why Novell should take on the 'type-safe platform' challenge, Dinis Cruz, 2006/05/10
What is the status of AVDL, Dinis Cruz, 2006/05/10
- RE: [WEB SECURITY] What is the status of AVDL, Kurt R. Roemer, 2006/05/10
Fwd: Security Events Google Calendar, Saqib Ali, 2006/05/09
Meaning of "disabling browser caching", smith . norton, 2006/05/09
- RE: Meaning of "disabling browser caching", Martin O'Neal, 2006/05/09
Black Hat class: Advanced Asp.Net Exploits and Countermeasures, Dinis Cruz, 2006/05/09
+_lp+_gn+ on querystrings, Robin Wood, 2006/05/09
Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Zaninotti, Thiago, 2006/05/08
- Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Amit Klein (AKsecurity), 2006/05/19
Code snippets to disable browser caching, smith . norton, 2006/05/08
- Re: Code snippets to disable browser caching, Dave Ferguson, 2006/05/09
- Re: Code snippets to disable browser caching, s89df987 s9f87s987f, 2006/05/08
- Re: Code snippets to disable browser caching, s89df987 s9f87s987f, 2006/05/08
  - Re: Code snippets to disable browser caching, Jean-Jacques Halans, 2006/05/09
    - Re: Code snippets to disable browser caching, Peter Conrad, 2006/05/09
  - Re: Code snippets to disable browser caching, Tomi Tuominen, 2006/05/09
- RE: Code snippets to disable browser caching, Martin O'Neal, 2006/05/09
Normal Horde Probes and Strange Ones, Mark Ryan del Moral Talabis, 2006/05/07
- Re: Normal Horde Probes and Strange Ones, Paul Laudanski, 2006/05/08
viral phishing, dpw, 2006/05/06
Fwd: SF new column announcement: Innovative ways to fool people, Andrew van der Stock, 2006/05/05
Comparison report on web app security scanners, Holger.Peine, 2006/05/05
- Re: Comparison report on web app security scanners, Bogdan Calin, 2006/05/19
  - RE: Comparison report on web app security scanners, Mark Curphey, 2006/05/19
    - Re: Comparison report on web app security scanners, Dean H. Saxe, 2006/05/19
    - Re: Comparison report on web app security scanners, Bogdan Calin, 2006/05/19
- RE: Comparison report on web app security scanners, Holger.Peine, 2006/05/19
- RE: Comparison report on web app security scanners, Ory Segal, 2006/05/19
  - Re: Comparison report on web app security scanners, Jeremiah Grossman, 2006/05/19
    - RE: Comparison report on web app security scanners, Mark Curphey, 2006/05/19
    - Re: Comparison report on web app security scanners, Zaninotti, Thiago, 2006/05/19
  - Re: Comparison report on web app security scanners, Eoin, 2006/05/19
  - RE: Comparison report on web app security scanners, Mark Curphey, 2006/05/19
    - RE: Comparison report on web app security scanners, Bogdan Calin, 2006/05/19
    - Re: Comparison report on web app security scanners, solutions_PHP, 2006/05/19
    - Re: Comparison report on web app security scanners, Bogdan Calin, 2006/05/19
    - RE: Comparison report on web app security scanners, Mark Curphey, 2006/05/19
    - WAF learning ability limitation?, matt farey, 2006/05/20
    - Re: Comparison report on web app security scanners, solutions_PHP, 2006/05/20
- RE: Comparison report on web app security scanners, Erwin Geirnaert, 2006/05/19
- RE: Comparison report on web app security scanners, Martin O'Neal, 2006/05/19
RE: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Patrick Wolf, 2006/05/04
- Re: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 2006/05/04
- Re: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dean H. Saxe, 2006/05/06
  - RE: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Darren Webb, 2006/05/11
- RE: [WEB SECURITY] Re: [Owasp-dotnet] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Kit Wetzler, 2006/05/09
Java -noverify PoC, Dinis Cruz, 2006/05/04
- Re: [WEB SECURITY] Java -noverify PoC, Stephen de Vries, 2006/05/04
  - Re: [WEB SECURITY] Java -noverify PoC, Jim Halfpenny, 2006/05/04
ual Factor/Adaptive Authentication, Casey DeBerry, 2006/05/04
- Re: ual Factor/Adaptive Authentication, Saqib Ali, 2006/05/04
  - Re: ual Factor/Adaptive Authentication, Saqib Ali, 2006/05/05
- RE: ual Factor/Adaptive Authentication, Casey DeBerry, 2006/05/10
  - Re: ual Factor/Adaptive Authentication, Saqib Ali, 2006/05/10
dictionary of forum style usernames, Robin Wood, 2006/05/04
- RE: dictionary of forum style usernames, Griffiths, Ian, 2006/05/04
  - Re: dictionary of forum style usernames, Robin Wood, 2006/05/04
- RE: dictionary of forum style usernames, Griffiths, Ian, 2006/05/04
  - Re: dictionary of forum style usernames, Robin Wood, 2006/05/04
WAF functionality ala OWASP London Meeting, Eoin, 2006/05/03
- Re: WAF functionality ala OWASP London Meeting, Michael Silk, 2006/05/03
- Re: WAF functionality ala OWASP London Meeting, Jason, 2006/05/04
- RE: WAF functionality ala OWASP London Meeting, Omar Salvador Alcalá Ruiz, 2006/05/03
OWASP May chapter meetings, Andrew van der Stock, 2006/05/03
By default, the Verifier is disabled on .Net and Java, Dinis Cruz, 2006/05/03
- Re: [WEB SECURITY] By default, the Verifier is disabled on .Net and Java, Stephen de Vries, 2006/05/03
- Re: By default, the Verifier is disabled on .Net and Java, Roman H., 2006/05/03
Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 2006/05/03
- Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Brian Eaton, 2006/05/03
  - Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Brian Eaton, 2006/05/03
  - Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Pilon Mntry, 2006/05/03
  - Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 2006/05/03
- Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Achim Hoffmann, 2006/05/03
  - Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Peter Watkins, 2006/05/03
  - Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 2006/05/03
- Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 2006/05/04
- Re: Round-up: Ways to bypass HttpOnly (and HTTP Basic auth), Amit Klein (AKsecurity), 2006/05/06
Is logoff feature necessary, test . future, 2006/05/02
- Re: Is logoff feature necessary, Vicente Aguilera, 2006/05/03
- Re: Is logoff feature necessary, Daniel Persson, 2006/05/03
- Re: Is logoff feature necessary, Peter Conrad, 2006/05/03
- Re: Is logoff feature necessary, Luciano Miguel Ferreira Rocha, 2006/05/03
- Re: Is logoff feature necessary, ViersOnline, 2006/05/03
- RE: Is logoff feature necessary, Deepu Thomas Philip, 2006/05/03
- Re: Is logoff feature necessary, Michael Silk, 2006/05/03
- Re: Is logoff feature necessary, Dave Ferguson, 2006/05/03
- RE: Is logoff feature necessary, Rod Divilbiss, 2006/05/03
  - RE: Is logoff feature necessary, Auri Rahimzadeh, 2006/05/03
    - Administrivia: Is logoff feature necessary, Andrew van der Stock, 2006/05/03
    - RE: Is logoff feature necessary, Keith Duffin, 2006/05/03
    - Re: Is logoff feature necessary, Andrew van der Stock, 2006/05/03
- RE: Is logoff feature necessary, wa0qmj, 2006/05/03
- RE: Is logoff feature necessary, M. Burnett, 2006/05/03
- Re: Is logoff feature necessary, Robert Hajime Lanning, 2006/05/03
- Re: Is logoff feature necessary, Alexander Bolante, 2006/05/03
- Re: Is logoff feature necessary, Alexis FitzGerald, 2006/05/03
- RE: Is logoff feature necessary, wa0qmj, 2006/05/03
- RE: Is logoff feature necessary, André Gil, 2006/05/03
- RE: Is logoff feature necessary, Steven Rebello, 2006/05/03
- RE: Is logoff feature necessary, King, Stuart (REHQ-LON), 2006/05/03
- RE: Is logoff feature necessary, Jeff Robertson, 2006/05/03
- RE: Is logoff feature necessary, Popowycz, Alex, 2006/05/03
- RE: Is logoff feature necessary, Sarbjit Singh Gill, 2006/05/03
- RE: Is logoff feature necessary, Currey, Mick A, 2006/05/03
- RE: Is logoff feature necessary, Auri Rahimzadeh, 2006/05/03
- Is logoff feature necessary, intel96, 2006/05/04
- RE: Is logoff feature necessary, Auri Rahimzadeh, 2006/05/09
- RE: Is logoff feature necessary, Matt Fisher, 2006/05/10
  - Re: Is logoff feature necessary, Michael Silk, 2006/05/12
- RE: Is logoff feature necessary, Auri Rahimzadeh, 2006/05/10
  - RE: Is logoff feature necessary, Rod Divilbiss, 2006/05/11
    - RE: Is logoff feature necessary, Auri Rahimzadeh, 2006/05/12
    - Re: Is logoff feature necessary, Michael Silk, 2006/05/12
    - Re: Is logoff feature necessary, Adam Tuliper, 2006/05/13
    - RE: Is logoff feature necessary, Auri Rahimzadeh, 2006/05/13
- RE: Is logoff feature necessary, Matt Fisher, 2006/05/12
Re: Vista and the Type Safe missed oportunity (was Re: [SC-L] New security website: darkreading ), George Capehart, 2006/05/02
Re: OT: Inserting Ads without breaking the SSL, elawford, 2006/05/02
Re: Poll: Emerging Threats, Jon R. Kibler, 2006/05/02
Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 2006/05/02
- Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Achim Hoffmann, 2006/05/02
  - Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 2006/05/02
    - Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Achim Hoffmann, 2006/05/03
    - Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 2006/05/03
Regeneration of Session Tokens (from the OWASP Guide), Pilon Mntry, 2006/05/02
- RE: Regeneration of Session Tokens (from the OWASP Guide), M. Burnett, 2006/05/03
  - RE: Regeneration of Session Tokens (from the OWASP Guide), Pilon Mntry, 2006/05/03
RE: Web Site Certification, ROB DIXON, 2006/05/02
Re: [WEB SECURITY] Review of Owasp-London Chapter meeting on WAF (Web Application Firewalls), Dinis Cruz, 2006/05/02
Googling or Google Hacking Security Conference slides, newslist@security-briefings.com, 2006/05/01
- Re: Googling or Google Hacking Security Conference slides, Klientu aptarnavimas, 2006/05/09
- RE: Googling or Google Hacking Security Conference slides, Craig Wright, 2006/05/10
yahoo mail login security, Ace123, 2006/05/01
- Re: yahoo mail login security, Andrew van der Stock, 2006/05/01
- Re: yahoo mail login security, ROB DIXON, 2006/05/02
- RE: yahoo mail login security, Matt Fisher, 2006/05/02
- Re: yahoo mail login security, Ace123, 2006/05/02
  - Re: yahoo mail login security, Sels, Roger, 2006/05/03
    - Re: yahoo mail login security, Ace123, 2006/05/03
    - Re: yahoo mail login security, Sels, Roger, 2006/05/03
- Re: Re: yahoo mail login security, Damon Leung, 2006/05/03
  - Re: Re: yahoo mail login security, Darren Bounds, 2006/05/05
    - Re: Re: yahoo mail login security, Prakash Kailasa, 2006/05/05
    - Re: Re: yahoo mail login security, Darren Bounds, 2006/05/06
Re: cookies a fundamental threat?, chris m, 2006/05/01
- Re: [WEB SECURITY] Re: cookies a fundamental threat (or risk)?, Pilon Mntry, 2006/05/01
Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 2006/05/01
- Re: [WEB SECURITY] cookies a fundamental threat?, Brian Eaton, 2006/05/02
  - Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 2006/05/02
    - Re: [WEB SECURITY] cookies a fundamental threat?, Brian Eaton, 2006/05/03
    - Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 2006/05/03
- Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 2006/05/03
- RE: [WEB SECURITY] cookies a fundamental threat?, Tom Stripling, 2006/05/03
  - Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 2006/05/03
- RE: [WEB SECURITY] cookies a fundamental threat?, Martin O'Neal, 2006/05/03
- Re: [WEB SECURITY] cookies a fundamental threat?, Achim Hoffmann, 2006/05/03
- RE: [WEB SECURITY] cookies a fundamental threat?, Martin O'Neal, 2006/05/03
- RE: [WEB SECURITY] cookies a fundamental threat?, Tom Stripling, 2006/05/03
- RE: [WEB SECURITY] cookies a fundamental threat?, Evans, Arian, 2006/05/09
  - Re: [WEB SECURITY] cookies a fundamental threat?, Brian Eaton, 2006/05/10
- RE: [WEB SECURITY] cookies a fundamental threat?, Evans, Arian, 2006/05/10