Web Application Security (thread)

Spike PHP Security Audit Tool, solutions_PHP, 2006/07/31
OS XSS and SQL scanner, Cherian Thomas, 2006/07/31
Correct Session Authentication, xbennx, 2006/07/29
- Re: Correct Session Authentication, Siim Põder, 2006/07/29
- Re: Correct Session Authentication, Balazs Attila-Mihaly (Cd-MaN), 2006/07/29
  - Re: Correct Session Authentication, Dean H. Saxe, 2006/07/30
- Re: Correct Session Authentication, Santiago Rocandio, 2006/07/29
ANNOUNCING: 3rd annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers, 2006/07/26
Administrivia: Delays in dealing with posts next three weeks, Andrew van der Stock, 2006/07/26
Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity), 2006/07/24
- ERRATA (Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash"), Amit Klein (AKsecurity), 2006/07/26
- RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash", James Pujals, 2006/07/27
  - RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity), 2006/07/27
    - RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash", James Pujals, 2006/07/27
    - RE: Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity), 2006/07/27
Fwd: SF new article announcement: After an Exploit: mitigation and remediation, Andrew van der Stock, 2006/07/24
Identity 2.0, Evans, Arian, 2006/07/21
Code Review for Critical Application e.g Internet banking, John Greiter, 2006/07/21
- RE: Code Review for Critical Application e.g Internet banking, Andrew Chong, 2006/07/21
- Re: Code Review for Critical Application e.g Internet banking, mike, 2006/07/22
Protecting posted variables, billy . sailing, 2006/07/21
- Re: Protecting posted variables, Serg B., 2006/07/21
- Re: Protecting posted variables, mikeiscool, 2006/07/21
- RE: Protecting posted variables, Andrew Chong, 2006/07/21
- Re: Protecting posted variables, Rogan Dawes, 2006/07/21
  - RE: Protecting posted variables, Debasis Mohanty, 2006/07/21
- Re: Protecting posted variables, Meder Kydyraliev, 2006/07/21
- Re: Protecting posted variables, Brian Rectanus, 2006/07/22
- RE: Protecting posted variables, Damhuis Anton, 2006/07/21
Disable SSL v2 ciphers on IIS 5.0, secmail . lists, 2006/07/18
- Re: Disable SSL v2 ciphers on IIS 5.0, Eoin Miller, 2006/07/19
- RE: Disable SSL v2 ciphers on IIS 5.0, Doug Markiewicz, 2006/07/19
  - RE: Disable SSL v2 ciphers on IIS 5.0, xxradar, 2006/07/20
Cookies as the second factor, Jeff Robertson, 2006/07/18
- Re: Cookies as the second factor, Rogan Dawes, 2006/07/18
  - Re: Cookies as the second factor, Robin Wood, 2006/07/18
    - Re: Cookies as the second factor, Rogan Dawes, 2006/07/18
    - RE: Cookies as the second factor, Matt Fisher, 2006/07/18
    - Re: Cookies as the second factor, Andrew van der Stock, 2006/07/18
    - RE: Cookies as the second factor, Randy Ollett, 2006/07/18
    - RE: Cookies as the second factor, Andrew Chong, 2006/07/18
    - RE: Cookies as the second factor, Ken Kousky, 2006/07/18
  - Re: Cookies as the second factor, Ryan Barnett, 2006/07/18
    - RE: Cookies as the second factor, Jeff Robertson, 2006/07/18
    - RE: Cookies as the second factor, Matt Fisher, 2006/07/18
  - Re: Cookies as the second factor, Darren Bounds, 2006/07/18
    - Re: Cookies as the second factor, mikeiscool, 2006/07/18
    - Re: Cookies as the second factor, Darren Bounds, 2006/07/18
- Re: Cookies as the second factor, Nick Owen, 2006/07/18
- Re: Cookies as the second factor, Ryan Barnett, 2006/07/18
- RE: Cookies as the second factor, Arian J. Evans, 2006/07/20
  - RE: Cookies as the second factor, Jeff Robertson, 2006/07/20
    - Re: Cookies as the second factor, Robert Hajime Lanning, 2006/07/20
    - Re: Cookies as the second factor, Peter Watkins, 2006/07/21
  - Re: Cookies as the second factor, Eoin, 2006/07/25
    - RE: Cookies as the second factor, Arian J. Evans, 2006/07/25
RUXCON 2006 Final Call For Papers, cfp, 2006/07/18
PacSec 2006 CALL FOR PAPERS (Deadline Aug. 4; Event Nov. 27-30), Dragos Ruiu, 2006/07/18
Is there an Open Source Vulnerability Analysis Framework?, Steve Armstrong, 2006/07/14
- Re: Is there an Open Source Vulnerability Analysis Framework?, killy, 2006/07/16
- Re: Is there an Open Source Vulnerability Analysis Framework?, Gareth Davies, 2006/07/17
- Re: Is there an Open Source Vulnerability Analysis Framework?, Christian Martorella, 2006/07/17
Preliminary CFP:The 2nd International Conference on Availability, Reliability and Security (ARES 07), Vienna, Austria, April 10-13, 2007, Manh Tho, 2006/07/13
Convenience or just bad design?, Saqib Ali, 2006/07/13
- RE: Convenience or just bad design?, Robert D. Holtz, 2006/07/13
Oracle SQL Injection, Mark Keegan, 2006/07/13
- Re: Oracle SQL Injection, Tim, 2006/07/13
  - Re: Oracle SQL Injection, Cesar, 2006/07/13
  - Re: Oracle SQL Injection, Andrew van der Stock, 2006/07/13
  - RE: Oracle SQL Injection, Mark Keegan, 2006/07/13
    - Re: Oracle SQL Injection, Tim, 2006/07/13
    - RE: Oracle SQL Injection, Mark Keegan, 2006/07/13
    - RE: Oracle SQL Injection, Integrigy, 2006/07/13
- Re: Oracle SQL Injection, Esteban Martinez Fayo, 2006/07/13
RE: Intrusion Detection, Jeremy_Powell, 2006/07/13
How to perform SSL certificate validation ?, Nagareshwar Talekar, 2006/07/13
- Re: How to perform SSL certificate validation ?, Ron, 2006/07/13
- RE: How to perform SSL certificate validation ?, Dominick Baier, 2006/07/13
- Re: How to perform SSL certificate validation ?, Max, 2006/07/13
  - Re: How to perform SSL certificate validation ?, Nagareshwar Talekar, 2006/07/13
- How to perform SSL certificate validation ?, Nagareshwar Talekar, 2006/07/13
- RE: How to perform SSL certificate validation ?, Wall, Kevin, 2006/07/13
  - Re: How to perform SSL certificate validation ?, Nagareshwar Talekar, 2006/07/13
    - Message not available
    - Fwd: How to perform SSL certificate validation ?, Mugdha Bendre, 2006/07/13
    - Re: Fwd: How to perform SSL certificate validation ?, Devdas Bhagat, 2006/07/30
- Re: How to perform SSL certificate validation ?, paseidon76, 2006/07/15
  - Re: How to perform SSL certificate validation ?, Jason, 2006/07/15
RFID and Banking, Chris Chandler, 2006/07/13
DMZ and critical data, Pedro Henrique Morsch Mazzoni, 2006/07/13
- Re: DMZ and critical data, èç, 2006/07/13
- RE: DMZ and critical data, Brian J. Bartlett, 2006/07/13
  - Re: DMZ and critical data, Mohammad Ali Sarbanha, 2006/07/13
- Intrusion Detection, David Robert, 2006/07/13
  - Re: Intrusion Detection, Ivan Ristic, 2006/07/13
  - Re: Intrusion Detection, Jamie Riden, 2006/07/13
  - Re: Intrusion Detection, Daniel Cid, 2006/07/13
    - Re: Intrusion Detection, David Ryan, 2006/07/13
  - Re: Intrusion Detection, skarvin, 2006/07/13
- Re: DMZ and critical data, sarbanha, 2006/07/13
  - Message not available
    - Re: DMZ and critical data, Ken Adler - QDSP, CISSP, PMP, CISA, 2006/07/13
RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, Martin O'Neal, 2006/07/13
- RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, PPowenski, 2006/07/13
RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, Martin O'Neal, 2006/07/13
- RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, tcp fin, 2006/07/13
[Full-disclosure] Cross Site Scripting in Google, RSnake, 2006/07/13
- Re: [WEB SECURITY] Cross Site Scripting in Google, bugtraq, 2006/07/13
  - [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, RSnake, 2006/07/13
    - Re: [WEB SECURITY] Cross Site Scripting in Google, Collin Jackson, 2006/07/13
    - Re: [WEB SECURITY] Cross Site Scripting in Google, RSnake, 2006/07/13
    - Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, Javor Ninov, 2006/07/13
OWASP Java Project: Call for volunteers, Stephen de Vries, 2006/07/13
DEF CON 14: Speakers Selected and more., The Dark Tangent, 2006/07/13
Webscarab how to?, mr . nasty, 2006/07/13
- Re: Webscarab how to?, Jezebel Ali, 2006/07/13
  - Re: Webscarab how to?, Rogan Dawes, 2006/07/13
- Re: Re: Webscarab how to?, mr . nasty, 2006/07/13
  - Re: Webscarab how to?, Rogan Dawes, 2006/07/13
- RE: Re: Webscarab how to?, PPowenski, 2006/07/13
- Re: RE: Re: Webscarab how to?, f_kenisky, 2006/07/13
  - Re: RE: Re: Webscarab how to?, c0redump, 2006/07/13
  - Re: Webscarab how to?, Rogan Dawes, 2006/07/13
Fwd: SF new column announcement: MySpace, a place without MyParents, Andrew van der Stock, 2006/07/13
Foundstone Hacme Bank Videos Online, Mark Curphey, 2006/07/13
Two-Factor Authentication on the Web, RSD, 2006/07/13
- Re: Two-Factor Authentication on the Web, Peter Morgan, 2006/07/13
- Re: Two-Factor Authentication on the Web, Saqib Ali, 2006/07/13
- RE: Two-Factor Authentication on the Web, Harper.Matthew, 2006/07/13
  - Re: Two-Factor Authentication on the Web, Tim, 2006/07/13
    - Re: Two-Factor Authentication on the Web, Pete Herzog, 2006/07/13
    - RE: Two-Factor Authentication on the Web, LM, 2006/07/13
    - Directed phishing attacks- protection methods, Joshua Perrymon, 2006/07/13
    - Re: Two-Factor Authentication on the Web, Devdas Bhagat, 2006/07/17
  - Re: Two-Factor Authentication on the Web, Nick Owen, 2006/07/13
    - Re: Two-Factor Authentication on the Web, Tim, 2006/07/13
    - RE: Two-Factor Authentication on the Web, Christian Kanakis, 2006/07/13
    - Re: Two-Factor Authentication on the Web, Andrew van der Stock, 2006/07/13
    - Re: Two-Factor Authentication on the Web, Tim, 2006/07/13
    - RE: Two-Factor Authentication on the Web, James Pujals, 2006/07/13
    - Re: Two-Factor Authentication on the Web, Tim, 2006/07/13
    - RE: Two-Factor Authentication on the Web, James Pujals, 2006/07/13
- Re: Two-Factor Authentication on the Web, Andrew van der Stock, 2006/07/13
- RE: Two-Factor Authentication on the Web, King, Stuart (REHQ-LON), 2006/07/13
- RE: Two-Factor Authentication on the Web, Gaydosh, Adam, 2006/07/13
- RE: Two-Factor Authentication on the Web, Glenn.Everhart, 2006/07/13
  - Re: Two-Factor Authentication on the Web, Andrew van der Stock, 2006/07/13
    - RE: Two-Factor Authentication on the Web, Lyal Collins, 2006/07/13
- RE: Two-Factor Authentication on the Web, Popowycz, Alex, 2006/07/13
- RE: Two-Factor Authentication on the Web, Popowycz, Alex, 2006/07/13
  - RE: Two-Factor Authentication on the Web, Lyal Collins, 2006/07/13
- RE: Two-Factor Authentication on the Web, PPowenski, 2006/07/13
  - [Full-disclosure] Re: Two-Factor Authentication on the Web, mikeiscool, 2006/07/13
Security Breaches Pandemic - Deloitte Touche 2006 Global Security Survey, Saqib Ali, 2006/07/13
SyScan'06 Highlight - Is Phone Banking Safe?, thomas48, 2006/07/13
Fwd: SF new article announcement: Strider URL Tracer with Typo Patrol, Andrew van der Stock, 2006/07/13
OWASP PHP Top 5 published, Andrew van der Stock, 2006/07/13
[Full-disclosure] Jython Shell, pdp (architect), 2006/07/13
New version of WebScarab released, Rogan Dawes, 2006/07/13
Update to Ajax Security Article on Security Focus, Andrew van der Stock, 2006/07/13
Fwd: SF new article announcement: Ajax security basics, Andrew van der Stock, 2006/07/13
New Version of FireMaster ( Firefox Master Password Recovery Tool ) is released, Nagareshwar Talekar, 2006/07/13
Announcement: 'The Web Security Mailing List' RSS Feed now available, contact, 2006/07/13
[Full-disclosure] SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista), thomas48, 2006/07/13
WASC Meet-up at Black Hat (USA 2006), contact, 2006/07/13
Whitepaper on AJAX Storage, Mark Curphey, 2006/07/13
ZeroBoard Attacks in the Wild, Mark Ryan del Moral Talabis, 2006/07/13
Foundstone Free Tools Released, Mark Curphey, 2006/07/13
Official release of SQL Power Injector 1.1, Francois Larouche, 2006/07/13
RE: Win2k3 logging the IP address of failed FTP attempts, Evans, Arian, 2006/07/13
- RE: Win2k3 logging the IP address of failed FTP attempts, Bob Auger, 2006/07/13
Black Hat Speakers + 2005 Content on-line, Jeff Moss, 2006/07/13
Tagworld XSS, RSnake, 2006/07/13
Re: OT: Inserting Ads without breaking the SSL, Saqib Ali, 2006/07/13
OT: Win2k3 logging the IP address of failed FTP attempts, Ian, 2006/07/13
- RE: OT: Win2k3 logging the IP address of failed FTP attempts, Adam Tuliper, 2006/07/13
  - RE: OT: Win2k3 logging the IP address of failed FTP attempts, Ian, 2006/07/13
- Re: OT: Win2k3 logging the IP address of failed FTP attempts, Rob Creely, 2006/07/13
New stuff at OWASP, Jeff Williams, 2006/07/13
WebScarab Fuzzer, Jason Murray, 2006/07/13
- Re: WebScarab Fuzzer, Vlad, 2006/07/13
- Re: WebScarab Fuzzer, Rogan Dawes, 2006/07/13
- RE: WebScarab Fuzzer, Holger.Peine, 2006/07/13
Fwd: A few related links: (Was Re: MasterCard backs off Security, Leave Cardholders at Risk), Ken Adler - QDSP, CISSP, PMP, CISA, 2006/07/13
phpAdsNew Activity, Mark Ryan del Moral Talabis, 2006/07/13
Academic papers on Web application security, Benjamin Livshits, 2006/07/13
- Re: Academic papers on Web application security, mike andrews, 2006/07/13
Re: AppSic, George Capehart, 2006/07/13
Re: Salt Storage - web.config or database?, Steve Barnet, 2006/07/13
- RE: Salt Storage - web.config or database?, James Pujals, 2006/07/13
  - Re: Salt Storage - web.config or database?, Steve Barnet, 2006/07/13
MasterCard backs off Security, Leave Cardholders at Risk, auto471292, 2006/07/13
- Re: MasterCard backs off Security, Leave Cardholders at Risk, fscwi, 2006/07/13
- RE: MasterCard backs off Security, Leave Cardholders at Risk, Evans, Arian, 2006/07/13
- RE: MasterCard backs off Security, Leave Cardholders at Risk, Craig Wright, 2006/07/13
- RE: MasterCard backs off Security, Leave Cardholders at Risk, Evans, Arian, 2006/07/13
- RE: MasterCard backs off Security, Leave Cardholders at Risk, Craig Wright, 2006/07/13
- RE: MasterCard backs off Security, Leave Cardholders at Risk, David P. Durko, 2006/07/13
- RE: MasterCard backs off Security, Leave Cardholders at Risk, Craig Wright, 2006/07/13
- Re: RE: MasterCard backs off Security, Leave Cardholders at Risk, erez, 2006/07/13
Administrivia & SF new column announcement: Browsers, phishing, and user interface design, Andrew van der Stock, 2006/07/13
Free Software Security Seminar Series (USA), Mark Curphey, 2006/07/13
Re: How to create (hijacking) secure HTTP sessions?, Robin Wood, 2006/07/13
- Re: How to create (hijacking) secure HTTP sessions?, ascii, 2006/07/13
  - Re: How to create (hijacking) secure HTTP sessions?, Rogan Dawes, 2006/07/13
    - Re: How to create (hijacking) secure HTTP sessions?, ascii, 2006/07/13
  - Re: How to create (hijacking) secure HTTP sessions?, stefano, 2006/07/13
- Re: How to create (hijacking) secure HTTP sessions?, Michael Decker, 2006/07/13
- Re: How to create (hijacking) secure HTTP sessions?, Michael Decker, 2006/07/13
  - Re: How to create (hijacking) secure HTTP sessions?, Nathan Keltner, 2006/07/13
- RE: How to create (hijacking) secure HTTP sessions?, Evans, Arian, 2006/07/13
- RE: How to create (hijacking) secure HTTP sessions?, Evans, Arian, 2006/07/13