Network Security Archives

August 31, 2006

OWASP Autumn Of Code 2006, Dinis Cruz, 23:31
Re: Xoop, Josh Zlatin-Amishav, 23:21
rewrite rule for apache, bituman, 23:21
Re: Xoop, Vlad, 23:11
Xoop, Vlad, 00:30
need help with webgoat, Tomaz Korosec, 00:20
Re: Enumerate Web Virtual Site, Hemil, 00:20
Re: Cookie poisoning without XSS, Kanatoko, 00:20

August 30, 2006

Re: Enumerate Web Virtual Site, scott, 04:31

August 29, 2006

Re: Enumerate Web Virtual Site, Jack Tennessee, 23:09
Re: Enumerate Web Virtual Site, Sheryl, 22:18
Re: Re: Mozilla Firefox can't disable browser cache. Why?, smith . norton, 20:27
Re: Enumerate Web Virtual Site, Andres Riancho, 19:27
Re: Enumerate Web Virtual Site, solutions_PHP, 18:56
Enumerate Web Virtual Site, Roger Liu, 16:05

August 26, 2006

[Full-disclosure] AttackAPI 0.5 (JavaScript tools), pdp (architect), 23:17

August 25, 2006

[Full-disclosure] Re: Re: Security researcher, Denis Jedig, 20:56
CIS Apache Benchmark security standard, Ralf Durkee, 20:46
RE: Cookie poisoning without XSS, Richard M. Smith, 20:26
Re: [Full-disclosure] Re: Security researcher, Thierry Zoller, 19:56
RE: Cookie poisoning without XSS, Ory Segal, 18:35
RE: Cookie poisoning without XSS, Richard M. Smith, 18:35
Re: Cookie poisoning without XSS, Dr HenDre, 18:25
Re: Cookie poisoning without XSS, Martin Straka, 18:15
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Albert, 16:24
Cookie poisoning without XSS, Smith Norton, 16:14
Hacme Casino v1.0, alex.smolen, 00:07

August 24, 2006

RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Joseph Peloquin, 18:14
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, René Palige, 15:03
Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms, Maxime Ducharme, 14:52
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan, 14:22
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, René Palige, 13:32
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan, 12:52
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Joseph Peloquin, 12:52
Re: Mozilla Firefox can't disable browser cache. Why?, Damien Watson, 12:52
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan, 07:09
Re: Mozilla Firefox can't disable browser cache. Why?, Ron, 05:48
RE: Mozilla Firefox can't disable browser cache. Why?, Tony Stahler, 05:38
WiKID 2.1.1 released, Nick Owen, 05:38
Re: Mozilla Firefox can't disable browser cache. Why?, mark, 05:38
RE: Environment for testing WebApp Security Scanners, Evans, Arian, 05:28

August 23, 2006

Mozilla Firefox can't disable browser cache. Why?, smith . norton, 13:41

August 22, 2006

Administrivia: Time to choose, please vote, Andrew van der Stock, 22:45

August 21, 2006

Re: Administrivia: Move the list?, Andrew van der Stock, 13:20
Re: "hack-me" Ajax apps?, Andrew van der Stock, 11:59
Administrivia: Move the list?, Andrew van der Stock, 11:59
Re: testing compiled php, Robin Wood, 10:18
Re: testing compiled php, Robin Wood, 10:18

August 20, 2006

Re: testing compiled php, crazy frog crazy frog, 09:49
Re: testing compiled php, Attila-Mihaly Balazs, 09:39
Re: Corsaire White Paper: Assessing Java Clients with the BeanShell, Matthew Franz, 09:39
Re: Corsaire White Paper: Assessing Java Clients with the BeanShell, Stephen de Vries, 09:39

August 18, 2006

Re: Mitm new?, Nick Owen, 23:24
testing compiled php, Robin Wood, 23:14
Re: Mitm new?, mikeiscool, 14:31
RE: Comparison report on web app security scanners now translated to English, Holger.Peine, 14:21
Re: Mitm new?, Rogan Dawes, 14:21
(BLED) IPSI, Albert, 14:11
Re: Invitation, Slovenia and Italy; Journal Special Issues; c/bb, Stephen de Vries, 14:11
Re: Mitm new?, ROB DIXON, 14:01
Re: Dates Correction - World Summit on Intrusion Prevention, May 8-9, 2007, wsip, 14:01
Corsaire White Paper: Assessing Java Clients with the BeanShell, Stephen de Vries, 14:01

August 17, 2006

[Full-disclosure] RE: World Summit on Intrusion Prevention, Anthony J Biacco, 22:20
World Summit on Intrusion Prevention, wsip, 19:17
Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA, Richard Lindberg, 19:17
"hack-me" Ajax apps?, Jeff Robertson, 14:11
Re: Comparison report on web app security scanners now translated to English, Rogan Dawes, 14:11
Re: [WEB SECURITY] "hack-me" Ajax apps?, kurt, 14:11
Mitm new?, Jeff Robertson, 14:11
RE: [WEB SECURITY] "hack-me" Ajax apps?, Jeff Robertson, 14:11
Invitation, Slovenia and Italy; Journal Special Issues; c/bb, IPSI conference, 14:11
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)", Amit Klein (AKsecurity), 14:11
Re: [SC-L] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Pascal Meunier, 14:11
Re: Tomcat Security, davedevault, 14:11
[Full-disclosure] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers, 14:10
[Full-disclosure] Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner, mikeiscool, 14:09
JavaScript Lazy Authorization Forcer and Visited Link Scaner, pdp (architect), 14:09
(somewhat) breaking the same-origin policy by undermining dns-pinning, Martin Johns, 14:08
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash, Amit Klein (AKsecurity), 14:07
[Full-disclosure] RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers, 14:05
JavaScript get Internal Address (thanks to DanBUK), pdp (architect), 14:05
Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK), pdp (architect), 14:05
Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK), Martin Dipo Zimmermann, 14:05
LAPSE: code auditing tool for Java, Benjamin Livshits, 14:04
Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Brian Eaton, 14:04
RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, James Pujals, 14:02
RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Caleb Sima, 14:02
Re: Parameter fuzzing and forced browsing, Ryan Barnett, 14:01
Comparison report on web app security scanners now translated to English, Holger.Peine, 14:01
Unable to disable browser caching in Firefox through HTTP headers, smith . norton, 14:01
Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity), 14:01
Re: Environment for testing WebApp Security Scanners, mikeiscool, 14:01
Re: Parameter fuzzing and forced browsing, mikeiscool, 14:01
Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, bugtraq, 14:01
Parameter fuzzing and forced browsing, indianwhitehathacker, 14:00
Re: Environment for testing WebApp Security Scanners, c0redump, 14:00
[Full-disclosure] more on browser trust, pdp (architect), 14:00
Re: Environment for testing WebApp Security Scanners, mikeiscool, 13:59
RE: Environment for testing WebApp Security Scanners, Mark Curphey, 13:59
Re: Environment for testing WebApp Security Scanners, Dean H. Saxe, 13:59
Re: Environment for testing WebApp Security Scanners, Gerald Quakenbush, 13:59
Re: Environment for testing WebApp Security Scanners, mikeiscool, 13:59
Re: Environment for testing WebApp Security Scanners, Dean H. Saxe, 13:59
Paros 3.2.13 release, contact, 13:59
RE: Environment for testing WebApp Security Scanners, Brokken, Allen P., 13:59

August 08, 2006

XSSing the Lan 3 (web trojans.. not a new idea), pdp (architect), 09:29
Re: [Full-disclosure] Attacking the local LAN via XSS, Dude VanWinkle, 08:59
Re: Environment for testing WebApp Security Scanners, Roman H., 07:28
RE: Environment for testing WebApp Security Scanners, Mark Curphey, 07:28

August 07, 2006

SF new column announcement: E-mail privacy in the workplace, Craig Wright, 23:05
Environment for testing WebApp Security Scanners, René Palige, 22:55
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs, 19:23
Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov, 19:03

August 06, 2006

ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho, 19:52

August 04, 2006

Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 08:45
Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller, 07:45
Re: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 06:14
Re: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller, 05:54
Re: [Full-disclosure] Attacking the local LAN via XSS, Schanulleke, 03:03

August 03, 2006

[Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 21:31

August 02, 2006

Re: OS XSS and SQL scanner, Rogan Dawes, 20:03
RE: OS XSS and SQL scanner, Dean H. Saxe, 19:32
Re: AppSec tools, Dhruv Soi, 12:44
Re: OS XSS and SQL scanner, Devdas Bhagat, 12:34
Re: OS XSS and SQL scanner, Dean H. Saxe, 12:24
Re: OS XSS and SQL scanner, Dean H. Saxe, 12:14
RE: OS XSS and SQL scanner, Burke, Charles, 12:14
Re: OS XSS and SQL scanner, Eoin, 12:04
[Full-disclosure] Re: JavaScript port scanning, pdp (architect), 10:32
[Full-disclosure] Re: JavaScript port scanning, pdp (architect), 10:32
JavaScript port scanner, pdp (architect), 06:29
Re: OS XSS and SQL scanner, Rory McCune, 04:48
Re: OS XSS and SQL scanner, Dean H. Saxe, 03:17
RE: SF new column announcement: E-mail privacy in the workplace, Craig Wright, 00:26

August 01, 2006

RE: OS XSS and SQL scanner, Arian J. Evans, 19:54
Fwd: SF new column announcement: E-mail privacy in the workplace, Andrew van der Stock, 19:44
AppSec tools, it_strategy, 18:33
Re: IEEE Web Security Special, Eoin, 09:47
RE: [WEB SECURITY] Reminder: WASC Meet-up at Black Hat (USA 2006), contact, 01:23
IEEE Web Security Special, Mark Curphey, 01:23
RE: OS XSS and SQL scanner, Mandeep Khera, 01:23
Reminder: WASC Meet-up at Black Hat (USA 2006), contact, 01:13
Re: OS XSS and SQL scanner, Dean H. Saxe, 01:13