While not directly related to your paper's topic, I think it would
be beneficial to raise awareness of the issue illustrated in this
paper by Gary O'Leary-Steele.
http://www.sec-1labs.co.uk/advisories/BTA_Full.pdf
Surprising how many forgotten password mail out features are vulnerable
to this.
Brett
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On
Behalf Of Adrian Pastor
Sent: Wednesday, 16 July 2008 2:06 a.m.
To: webappsec (at) securityfocus (dot) com
Subject: Auditing mailing scripts for web app pentesters
Hi guys,
We just released a paper aimed at web application pentesters. The paper
discusses auditing scripts for vulnerabilities that would allow using
the target organization's mail servers for spamming/phishing purposes.
The content of the paper is derived from real pentest experiences on
live e-commerce environments. I hope you find it useful and can apply
its content to your security testing assessments:
http://www.procheckup.com/CRLFi.pdf
--
Adrian P. | Senior IT Security Consultant | ProCheckUp Ltd