Web Application Security (thread)

OWASP Autumn Of Code 2006, Dinis Cruz, 2006/08/31
rewrite rule for apache, bituman, 2006/08/31
Xoop, Vlad, 2006/08/31
- Re: Xoop, Josh Zlatin-Amishav, 2006/08/31
- Re: Xoop, Vlad, 2006/08/31
Enumerate Web Virtual Site, Roger Liu, 2006/08/29
- Re: Enumerate Web Virtual Site, solutions_PHP, 2006/08/29
  - need help with webgoat, Tomaz Korosec, 2006/08/31
- Re: Enumerate Web Virtual Site, Andres Riancho, 2006/08/29
  - Re: Enumerate Web Virtual Site, Sheryl, 2006/08/29
    - Re: Enumerate Web Virtual Site, scott, 2006/08/30
  - Re: Enumerate Web Virtual Site, Hemil, 2006/08/31
- Re: Enumerate Web Virtual Site, Jack Tennessee, 2006/08/29
[Full-disclosure] AttackAPI 0.5 (JavaScript tools), pdp (architect), 2006/08/26
CIS Apache Benchmark security standard, Ralf Durkee, 2006/08/25
Re: [Full-disclosure] Re: Security researcher, Thierry Zoller, 2006/08/25
- [Full-disclosure] Re: Re: Security researcher, Denis Jedig, 2006/08/25
Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Albert, 2006/08/25
Cookie poisoning without XSS, Smith Norton, 2006/08/25
- Re: Cookie poisoning without XSS, Martin Straka, 2006/08/25
- Re: Cookie poisoning without XSS, Dr HenDre, 2006/08/25
- RE: Cookie poisoning without XSS, Richard M. Smith, 2006/08/25
- RE: Cookie poisoning without XSS, Richard M. Smith, 2006/08/25
- Re: Cookie poisoning without XSS, Kanatoko, 2006/08/31
- RE: Cookie poisoning without XSS, Ory Segal, 2006/08/25
Hacme Casino v1.0, alex.smolen, 2006/08/25
Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms, Maxime Ducharme, 2006/08/24
RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Joseph Peloquin, 2006/08/24
- RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Joseph Peloquin, 2006/08/24
WiKID 2.1.1 released, Nick Owen, 2006/08/24
Mozilla Firefox can't disable browser cache. Why?, smith . norton, 2006/08/23
- Re: Mozilla Firefox can't disable browser cache. Why?, mark, 2006/08/24
- RE: Mozilla Firefox can't disable browser cache. Why?, Tony Stahler, 2006/08/24
- Re: Mozilla Firefox can't disable browser cache. Why?, Ron, 2006/08/24
  - Re: Mozilla Firefox can't disable browser cache. Why?, Damien Watson, 2006/08/24
- Re: Re: Mozilla Firefox can't disable browser cache. Why?, smith . norton, 2006/08/29
Administrivia: Time to choose, please vote, Andrew van der Stock, 2006/08/22
Administrivia: Move the list?, Andrew van der Stock, 2006/08/21
- Re: Administrivia: Move the list?, Andrew van der Stock, 2006/08/21
testing compiled php, Robin Wood, 2006/08/18
- Re: testing compiled php, Attila-Mihaly Balazs, 2006/08/20
  - Re: testing compiled php, Robin Wood, 2006/08/21
- Re: testing compiled php, crazy frog crazy frog, 2006/08/20
  - Re: testing compiled php, Robin Wood, 2006/08/21
(BLED) IPSI, Albert, 2006/08/18
Re: Dates Correction - World Summit on Intrusion Prevention, May 8-9, 2007, wsip, 2006/08/18
Corsaire White Paper: Assessing Java Clients with the BeanShell, Stephen de Vries, 2006/08/18
- Message not available
  - Re: Corsaire White Paper: Assessing Java Clients with the BeanShell, Stephen de Vries, 2006/08/20
- Re: Corsaire White Paper: Assessing Java Clients with the BeanShell, Matthew Franz, 2006/08/20
World Summit on Intrusion Prevention, wsip, 2006/08/17
- [Full-disclosure] RE: World Summit on Intrusion Prevention, Anthony J Biacco, 2006/08/17
"hack-me" Ajax apps?, Jeff Robertson, 2006/08/17
- Re: "hack-me" Ajax apps?, Andrew van der Stock, 2006/08/21
Mitm new?, Jeff Robertson, 2006/08/17
- Re: Mitm new?, Rogan Dawes, 2006/08/18
- Re: Mitm new?, mikeiscool, 2006/08/18
- Re: Mitm new?, Nick Owen, 2006/08/18
- Re: Mitm new?, ROB DIXON, 2006/08/18
RE: [WEB SECURITY] "hack-me" Ajax apps?, Jeff Robertson, 2006/08/17
- Re: [WEB SECURITY] "hack-me" Ajax apps?, kurt, 2006/08/17
Invitation, Slovenia and Italy; Journal Special Issues; c/bb, IPSI conference, 2006/08/17
- Re: Invitation, Slovenia and Italy; Journal Special Issues; c/bb, Stephen de Vries, 2006/08/18
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)", Amit Klein (AKsecurity), 2006/08/17
Re: Tomcat Security, davedevault, 2006/08/17
[Full-disclosure] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers, 2006/08/17
- Re: [SC-L] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Pascal Meunier, 2006/08/17
- Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA, Richard Lindberg, 2006/08/17
JavaScript Lazy Authorization Forcer and Visited Link Scaner, pdp (architect), 2006/08/17
- [Full-disclosure] Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner, mikeiscool, 2006/08/17
(somewhat) breaking the same-origin policy by undermining dns-pinning, Martin Johns, 2006/08/17
Technical note: under some conditions, it's possible to steal HTTP credentials using Flash, Amit Klein (AKsecurity), 2006/08/17
[Full-disclosure] RE: ANNOUNCING: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA, Dave Wichers, 2006/08/17
JavaScript get Internal Address (thanks to DanBUK), pdp (architect), 2006/08/17
- Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK), Martin Dipo Zimmermann, 2006/08/17
  - Re: [Full-disclosure] JavaScript get Internal Address (thanks to DanBUK), pdp (architect), 2006/08/17
LAPSE: code auditing tool for Java, Benjamin Livshits, 2006/08/17
Comparison report on web app security scanners now translated to English, Holger.Peine, 2006/08/17
- Re: Comparison report on web app security scanners now translated to English, Rogan Dawes, 2006/08/17
- RE: Comparison report on web app security scanners now translated to English, Holger.Peine, 2006/08/18
Unable to disable browser caching in Firefox through HTTP headers, smith . norton, 2006/08/17
Sending multipart/form-data requests from Flash (with arbitrary headers), Amit Klein (AKsecurity), 2006/08/17
Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, bugtraq, 2006/08/17
- RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Caleb Sima, 2006/08/17
- RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, James Pujals, 2006/08/17
  - Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Brian Eaton, 2006/08/17
Parameter fuzzing and forced browsing, indianwhitehathacker, 2006/08/17
- Re: Parameter fuzzing and forced browsing, mikeiscool, 2006/08/17
  - Re: Parameter fuzzing and forced browsing, Ryan Barnett, 2006/08/17
[Full-disclosure] more on browser trust, pdp (architect), 2006/08/17
Paros 3.2.13 release, contact, 2006/08/17
XSSing the Lan 3 (web trojans.. not a new idea), pdp (architect), 2006/08/08
Environment for testing WebApp Security Scanners, René Palige, 2006/08/07
- RE: Environment for testing WebApp Security Scanners, Mark Curphey, 2006/08/08
- Re: Environment for testing WebApp Security Scanners, Roman H., 2006/08/08
- RE: Environment for testing WebApp Security Scanners, Brokken, Allen P., 2006/08/17
  - Re: Environment for testing WebApp Security Scanners, Dean H. Saxe, 2006/08/17
    - Re: Environment for testing WebApp Security Scanners, Gerald Quakenbush, 2006/08/17
    - RE: Environment for testing WebApp Security Scanners, Mark Curphey, 2006/08/17
    - Re: Environment for testing WebApp Security Scanners, mikeiscool, 2006/08/17
    - Re: Environment for testing WebApp Security Scanners, Dean H. Saxe, 2006/08/17
    - Re: Environment for testing WebApp Security Scanners, mikeiscool, 2006/08/17
    - Re: Environment for testing WebApp Security Scanners, c0redump, 2006/08/17
    - Re: Environment for testing WebApp Security Scanners, mikeiscool, 2006/08/17
- RE: Environment for testing WebApp Security Scanners, Evans, Arian, 2006/08/24
  - Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan, 2006/08/24
    - Message not available
    - Message not available
    - RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan, 2006/08/24
    - Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, René Palige, 2006/08/24
    - Message not available
    - Message not available
    - RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, Enis Karaarslan, 2006/08/24
    - Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners, René Palige, 2006/08/24
Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper], SPI Labs, 2006/08/07
ARES 2007: Call for workshop proposals, deadline Sept 10, 2006, Manh Tho, 2006/08/06
[Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 2006/08/03
- Re: [Full-disclosure] Attacking the local LAN via XSS, Schanulleke, 2006/08/04
- Re: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller, 2006/08/04
  - Re: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 2006/08/04
    - Re[2]: [Full-disclosure] Attacking the local LAN via XSS, Thierry Zoller, 2006/08/04
    - Re: Re[2]: [Full-disclosure] Attacking the local LAN via XSS, pdp (architect), 2006/08/04
    - Re: [Full-disclosure] Attacking the local LAN via XSS, Nikolay Kubarelov, 2006/08/07
    - Re: [Full-disclosure] Attacking the local LAN via XSS, Dude VanWinkle, 2006/08/08
[Full-disclosure] Re: JavaScript port scanning, pdp (architect), 2006/08/02
- [Full-disclosure] Re: JavaScript port scanning, pdp (architect), 2006/08/02
JavaScript port scanner, pdp (architect), 2006/08/02
Fwd: SF new column announcement: E-mail privacy in the workplace, Andrew van der Stock, 2006/08/01
- RE: SF new column announcement: E-mail privacy in the workplace, Craig Wright, 2006/08/02
- SF new column announcement: E-mail privacy in the workplace, Craig Wright, 2006/08/07
AppSec tools, it_strategy, 2006/08/01
- Re: AppSec tools, Dhruv Soi, 2006/08/02
RE: [WEB SECURITY] Reminder: WASC Meet-up at Black Hat (USA 2006), contact, 2006/08/01
IEEE Web Security Special, Mark Curphey, 2006/08/01
- Re: IEEE Web Security Special, Eoin, 2006/08/01
Reminder: WASC Meet-up at Black Hat (USA 2006), contact, 2006/08/01
Re: OS XSS and SQL scanner, Dean H. Saxe, 2006/08/01
- RE: OS XSS and SQL scanner, Mandeep Khera, 2006/08/01
  - RE: OS XSS and SQL scanner, Arian J. Evans, 2006/08/01
    - Re: OS XSS and SQL scanner, Dean H. Saxe, 2006/08/02
    - Re: OS XSS and SQL scanner, Rory McCune, 2006/08/02
    - Message not available
    - Re: OS XSS and SQL scanner, Dean H. Saxe, 2006/08/02
    - Re: OS XSS and SQL scanner, Eoin, 2006/08/02
    - Re: OS XSS and SQL scanner, Rogan Dawes, 2006/08/02
    - Re: OS XSS and SQL scanner, Devdas Bhagat, 2006/08/02
- Re: OS XSS and SQL scanner, Dean H. Saxe, 2006/08/02
  - RE: OS XSS and SQL scanner, Burke, Charles, 2006/08/02
- RE: OS XSS and SQL scanner, Dean H. Saxe, 2006/08/02