Web Application Security
Re: Shameless plug: OWASP Board Elections Oct 27 2014 09:26AM
Robin Wood (robin digi ninja)
On 24 October 2014 21:35, Seth Art <sethsec (at) gmail (dot) com [email concealed]> wrote:
> Robin,
>
> Thanks so much for the kind words about my talk. I gave an extended
> version of my talk this past weekend at BSidesDC, and the video just
> posted a few hours ago: https://www.youtube.com/watch?v=v5DIcAtnKRU.
> The BSidesDC version includes a demo at the end which will hopefully
> give people an idea of what is required to go from finding this
> vulnerability to exploiting it.

I'll have a look at that. I thought I'd got my head around the
vulnerability, then watched the first video and realised that I'd only
got half of it. I really need time now to lab it all up and test it out.

> Back to the real point of this thread: I also would love for this list
> to become more active. It is one of the very few mailing lists that I
> allow to go right to my inbox without a filter. :)
>
> I think your recommendation is key -- The best way to make the list
> more useful is to actually use it more. I pledge to do the same as you
> -- to use this list as a resource whenever possible.

Sounds good, the more posts the better it will be.

> One last thought - Since this list is currently at such a low volume,
> and Andrew has expressed that although he is the moderator, he does
> not have full control: Should we use this opportunity to reboot and
> move this list? Turn it into a google group managed list or something
> similar. We could even take the web part out and call it appsec in a
> move to include the mobile application people/topics, since they are
> usually so similar.

It would be good to keep it here as it already lands in lots of
inboxes and to collect that number of users again will be hard. We are
in touch with someone at Symantec who says they are getting somewhere
tracking down the admins who can help Andrew take full control, I
guess if he fails then a move may be the best thing.

> Or should we just stick to the simple plan and try to revive this list
> and keep the history intact. I just looked and this list was pretty
> crazy back in 2004, 2005!
>
> http://seclists.org/webappsec/

A quick look and I've found some of my posts from 2009.

Robin

> Regards,
>
> Seth
>
> On Wed, Oct 22, 2014 at 1:53 PM, Brian Zaugg <bzaugg (at) authentic8 (dot) com [email concealed]> wrote:
>>
>> Hear! Hear! I like the idea of making the list more active and useful.
>> And, a good article on cross-domain policy and CSRF is a great start.
>>
>> Brian
>>
>> >
>> > On Tue, Oct 21, 2014 at 9:01 AM, Robin Wood <robin (at) digi (dot) ninja [email concealed]> wrote:
>> >>
>> >> Hi
>> >> I'd love to see the list going again and getting more use. I think my
>> >> reason for not using it is that it isn't being used so I forget about
>> >> it, it needs traffic to gain some traction and remind people it
>> >> exists.
>> >>
>> >> I'll make sure that I post some questions when they come up, see if we
>> >> can get it moving again.
>> >>
>> >> As a start, I've just watched this brilliant explanation of why an
>> >> open crossdomain policy file is bad, I'd really recommend it to any
>> >> app testers.
>> >>
>> >> http://www.irongeek.com/i.php?page=videos/derbycon4/t505-swf-seeking-lazy-admin-for-cross-domain-action-seth-art
>> >>
>> >> Robin
>> >>
>> >> PS, as I've just found out, the list doesn't like MIME encoded mails
>> >> so if you are sending through Gmail make sure you set the mail to
>> >> plain text. I can't find a way to do this through the Android Gmail
>> >> client though so if anyone knows how please share.
>> >>
>> >> On 21 October 2014 03:46, Andrew van der Stock <vanderaj (at) greebo (dot) net [email concealed]> wrote:
>> >> > Hi there,
>> >> >
>> >> > Apologies for complete self interest where the list admin (me) pushes
>> >> > a personal interest (OWASP). However, I believe the Open Web
>> >> > Application Security Project is on topic for the web application
>> >> > security mail list, and I wouldn't normally do it (you can check -
>> >> > I've been moderator since 2004), but it's important.
>> >> >
>> >> > Beyond the plug below - I am very interested in ways we can revitalise
>> >> > this list. I don't know about you, but getting CFPs and not much else
>> >> > is getting old. Please reply and discuss how we might achieve that,
>> >> > because the list has become pretty moribund.
>> >> >
>> >> > Shameless plug-a-rama:
>> >> >
>> >> > Full disclosure: not only is OWASP a long-standing personal interest
>> >> > of mine, I'm also standing for the Board. That said, I'm not asking you to vote for
>> >> > me (although that would be lovely!), I *am* asking you to vote if you
>> >> > are an OWASP member!
>> >> >
>> >> > For those list members who are also OWASP members, please be aware
>> >> > that there was a technical issue in relation to expired members not
>> >> > getting a renewal notice, and thus not getting a ballot to vote. That
>> >> > issue should be resolved now. You have until the 24th to renew and
>> >> > then vote. More details:
>> >> >
>> >> > http://lists.owasp.org/pipermail/owasp-community/2014-October/000399.html
>> >> >
>> >> > The election has been extended to October 31 for all electors to cope
>> >> > with renewals and then give you time to make an informed vote.
>> >> >
>> >> > Please review the candidate interviews, and then place your vote.
>> >> > Historically, our elections have been not representative of the OWASP
>> >> > global membership as for whatever reason, members outside of the US
>> >> > chose not to vote as often as OWASP US members. Let's get out the
>> >> > vote!
>> >> >
>> >> > Look through these interviews, work out who are your favorite three
>> >> > candidates, and vote for OWASP's future!
>> >> >
>> >> > https://www.owasp.org/index.php/2014_Board_Elections#2014_Board_Candidate_Interviews
>> >> >
>> >> > End shameless plug
>> >> >
>> >> > thanks,
>> >> > Andrew
>> >> >
>> >> >
>> >> >
>> >> > This list is sponsored by Cenzic
>> >> > --------------------------------------
>> >> > Let Us Hack You. Before Hackers Do!
>> >> > It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> >> > Request Yours Now!
>> >> > http://www.cenzic.com/2009HClaunch_Securityfocus
>> >> > --------------------------------------