Web Application Security
Breakpoint 2015 Call For Presentations 2015-05-17
cfp ruxcon org au
Breakpoint 2015 Call For Papers
Melbourne, Australia, October 22nd-23rd
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

We are pleased to announce Call For Presentations for Breakpoint 2015.

Breakpoint showcases the work of expert security researchers from arou

44CON CFP Open 2015-05-13
Steve (steve 44con com)
44CON London is the UK's largest combined annual Security Conference and Training event. Taking place on the evening of the 9th and all day on the 10th and 11th of September at the ILEC Conference Centre near Earls Court, London, we will have a fully dedicated conference facility, including secure w

Call for Papers: RAID 2015 2015-05-11
Skander Iversen (skander iversen gmail com)
Dear colleagues,

I would like to announce the following CFP.
Please kindly consider submitting to this conference.

This year's RAID will take place in marvelous Kyoto, Japan.

-----------------------------------------
RAID 2015
Kyoto, Japan, November 2-4, 2015
http://www.raid2015.org/

Call for Papers
-

Arachni Framework v1.1 & WebUI v0.5.7 have been released (Web Application Security Scanner) 2015-05-01
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework.

The highlights of this release are:

* More sensible default options.
* Approximately 7-fold performance increase (YMMV depending on webapp characteristics).
* Supp

whitepaper: Identifier based XSSI attacks 2015-04-20
Takeshi Terada (mbsdtest01 gmail com)
Hello list members,

We released a new technical whitepaper titled:
"Identifier based XSSI attacks"

URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf

Summary:
Some new attack techniques and browser vulnerabilities regarding XSSI
(Cross-Site Script Inclusion) are explained. In the attacks, a method
of tr

Ruxcon 2015 Call For Presentations 2015-04-13
cfp ruxcon org au
Ruxcon 2015 Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th of Oc

SpiderFoot 2.3.0 released 2015-02-11
Steve Micallef (steve binarypool com)
Hi all,

SpiderFoot 2.3.0 is now available, and includes a ton of new
functionality since 2.1.4 was last announced here. SpiderFoot is an open
source intelligence gathering / reconnaissance tool utilising over 40
data sources and methods, all driven through a snappy web UI.

Here's what's new sin

nullcon HackIM Challenge 9-11 Jan 2015 2014-12-29
nullcon (nullcon nullcon net)
Namaste Ninjas,

Season's greetings!
We are back for the 6th time in Goa. nullcon 666 welcomes you to the
beastly devilish conference.
As nullcon is getting near, we are excited and ready to announce the
registration for HackIM CTF. Details at http://ctf.nullcon.net This
time HackIM is powered by EMC and

File Upload with changed extension 2014-12-02
Jyotiranjan Acharya (jyotiranjan121 gmail com) (2 replies)
If you are able to upload a file with a changed extension, then will
that be a problem?
For example, you cannot, in any way, upload a .exe or .php/.jsp/.asp
file directly into a web app, but you can by changing their extension
to .JPG. What is the risk in such a case?

Re: File Upload with changed extension 2014-12-04
Michal Zalewski (lcamtuf coredump cx) (1 reply)
Re: File Upload with changed extension 2014-12-04
Robin Wood (robin digi ninja)
Re: File Upload with changed extension 2014-12-03
Guillermo Caminer (flaco webappsec gmail com) (1 reply)
Re: File Upload with changed extension 2014-12-03
Tobias Wassermann (mail tobias-wassermann de) (1 reply)
Re: File Upload with changed extension 2014-12-03
Seth Art (sethsec gmail com) (1 reply)
Re: File Upload with changed extension 2014-12-04
Paul Burbage (paul k burbage gmail com)
Tizen 2.2.1 WebKit Address Spoofing Vulnerability 2014-12-02
Ajin Abraham (ajin25 gmail com)
<!--
Title: Tizen 2.2.1 WebKit Address Spoofing Vulnerability
Author: Ajin Abraham | @ajinabraham
Website: http://opensecurity.in
Affected Product: Tizen Default Browser
Affected Version: Tizen 2.2.1
Video Demo: https://www.youtube.com/watch?v=QKbTSxlCX7c

-->
<html>
<head><title>Tizen Browser - Add

Re: concurrent logins 2014-11-24
Stephen de Vries (stephen continuumsecurity net) (1 reply)
> The reason I was thinking about this is the thing I was reading was
> suggesting to prevent session hijacking that concurrent logins should
> not be allowed, 2FA stops actual logins but not hijacks.

Session hijacking is only possible after some other vulnerability in the site is exploited, e.g.

Re: concurrent logins 2014-11-24
Robin Wood (robin digi ninja)
Social Security Number in Hidden field 2014-11-23
Jyotiranjan Acharya (jyotiranjan121 gmail com) (1 reply)
Hello,

There is an application which is present in an intranet. When the
Admin of the application loads the user information page, a field
called SSN appears. It shows ###-##-####. But the actual SSN remains
in a hidden field.

Do you think there should be a security issue with this?

Regards
Jyo

Re: Social Security Number in Hidden field 2014-11-23
Robin Wood (robin digi ninja) (1 reply)
Re: Social Security Number in Hidden field 2014-11-23
snipe (snipe snipe net) (1 reply)
Re: Social Security Number in Hidden field 2014-11-23
Abhay Rana (capt n3m0 gmail com) (2 replies)
RE: Social Security Number in Hidden field 2014-11-24
Jeffory Atkinson (jatkinson zelvin com) (1 reply)
RE: [EXT] RE: Social Security Number in Hidden field 2014-11-24
Hambleton, Robert F (RHamble citgo com)
Re: Social Security Number in Hidden field 2014-11-24
Lorne Kates (lkates gmail com) (1 reply)
Re: Social Security Number in Hidden field 2014-11-24
Antti Virtanen (Antti Virtanen solita fi)
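An added example for the "Social Security Number in Hidden field" thread above, not code from the post or any reply. It shows, in Python, the pattern the post describes (mask on screen, full SSN in a hidden input) next to a fixed rendering that sends only a record id, and the check a tester runs over a captured response to find SSN-shaped values in hidden fields. The user record, the SSN, the mask and the function names are constructed for the example. The masking on screen buys nothing: the hidden value is in view-source, in every proxy log, and in the browser cache of whichever admin loaded the page.

```python
# Added example, not from the list thread: the pattern the post describes
# (masked SSN displayed, real SSN in a hidden field) beside a fixed
# rendering, plus the check a tester runs over a captured response. The
# user record and SSN are constructed sample data.
import html
import re

SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")
INPUT_TAG_RE = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"\b(type|value)\s*=\s*\"([^\"]*)\"", re.IGNORECASE)

# Constructed sample record; the id is what the fixed page references.
USER = {"id": 42, "name": "A. Example", "ssn": "123-45-6789"}
MASK = "###-##-####"


def render_vulnerable(user: dict) -> str:
    """Mask on screen, but the full SSN still travels to the browser, where
    view-source, an intercepting proxy or the browser cache can read it."""
    return (
        f"<p>Name: {html.escape(user['name'])}</p>\n"
        f"<p>SSN: {MASK}</p>\n"
        f"<input type=\"hidden\" name=\"ssn\" value=\"{html.escape(user['ssn'])}\">\n"
    )


def render_fixed(user: dict) -> str:
    """Send only the mask. A later update names the record by id; the
    server re-reads the SSN from its own store, never from the form."""
    return (
        f"<p>Name: {html.escape(user['name'])}</p>\n"
        f"<p>SSN: {MASK}</p>\n"
        f"<input type=\"hidden\" name=\"user_id\" value=\"{user['id']}\">\n"
    )


def hidden_ssn_values(page: str) -> list:
    """Tester's check: values of hidden inputs that are SSN-shaped.
    Attribute order inside the tag does not matter."""
    found = []
    for tag in INPUT_TAG_RE.findall(page):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        if attrs.get("type", "").lower() == "hidden" and SSN_RE.fullmatch(attrs.get("value", "")):
            found.append(attrs["value"])
    return found


def ssn_anywhere(page: str) -> bool:
    """Broader check: an SSN-shaped value in any part of the response body
    (JSON, HTML comments, inline script), not only hidden inputs."""
    return SSN_RE.search(page) is not None


if __name__ == "__main__":
    print("vulnerable:", hidden_ssn_values(render_vulnerable(USER)))
    print("fixed:     ", hidden_ssn_values(render_fixed(USER)))
```

Run `ssn_anywhere` over every response in the proxy log, not just the admin page: the same value often reappears in an export, an autocomplete endpoint or a JSON view that nobody masked.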
Re: concurrent logins 2014-11-21
Robin Wood (robin digi ninja)
On 19 November 2014 14:27, Aaron Sanders <malmoose37 (at) gmail (dot) com> wrote:
> Just thinking out loud (still haven't had coffee yet) but what about second
> factor? Is that in scope for this question? I would think you can allow all
> the concurrent sessions a user wants as long as all of them were valida

Re: concurrent logins 2014-11-21
Robin Wood (robin digi ninja)
On 19 November 2014 15:42, Paul Robinson <paul (at) iconoplex.co (dot) uk> wrote:
> On 19 November 2014 10:30, Robin Wood <robin (at) digi (dot) ninja> wrote:
>>
>> What are peoples opinions on allowing concurrent logins to web apps? I
>> suppose it depends on what the app is used for - forum, admin suite
>> etc - but do

Re: concurrent logins 2014-11-21
Robin Wood (robin digi ninja)
On 19 November 2014 16:41, Seth Art <sethsec (at) gmail (dot) com> wrote:
> As a user, I love how gmail does it, and I would love to see that more.
>
> As a tester, I personally treat this one as more of a recommendation than a
> finding in most cases. I find this one is difficult to defend in findings
> revi

Re: concurrent logins 2014-11-21
Robin Wood (robin digi ninja)
On 19 November 2014 18:22, Rogan Dawes <rogan (at) dawes.za (dot) net> wrote:
> You have been logged out, because someone has just logged in using your
> username and password. If this was you, please ignore this message.
>
> Otherwise, please change your password immediately, and contact our security
> depart

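An added example for the "concurrent logins" thread above, not code from any of the posts. It is a small Python session registry that implements the two positions the thread weighs: one active session per user, where a new login displaces the old one and the displaced browser is shown a notice along the lines of the one quoted above, or concurrent sessions that are allowed but listed with IP and user agent and can be revoked from the current session, which is the behaviour Gmail is praised for. The class and method names, the notice wording and the IPs and user agents in the demo are my own; the registry is in-memory and single-process, and a real deployment keeps the same state in the shared session store.

```python
# Added example, not from the thread: a session registry implementing the
# two policies the posts weigh up. With single_session=True a new login
# displaces any existing session for the user and the displaced browser is
# shown a notice. With single_session=False concurrent sessions are allowed
# but are listed and can be revoked from the current one. In-memory and
# single-process only; the IPs and user agents in the demo are constructed.
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

DISPLACED_NOTICE = (
    "You have been logged out because someone just logged in with your "
    "username and password. If this was not you, change your password now."
)


@dataclass
class Session:
    sid: str
    user: str
    ip: str
    user_agent: str
    created: float = field(default_factory=time.time)
    last_seen: float = field(default_factory=time.time)


class SessionRegistry:
    def __init__(self, single_session: bool) -> None:
        self.single_session = single_session
        self._sessions: Dict[str, Session] = {}
        # Session ids invalidated by a later login, mapped to the notice the
        # next request carrying that id should see (shown once).
        self._displaced: Dict[str, str] = {}

    def login(self, user: str, ip: str, user_agent: str) -> str:
        """Issue a fresh session id after successful authentication."""
        if self.single_session:
            for old in self.active_sessions(user):
                del self._sessions[old.sid]
                self._displaced[old.sid] = DISPLACED_NOTICE
        sid = secrets.token_urlsafe(32)   # new id per login; never reuse one
        self._sessions[sid] = Session(sid, user, ip, user_agent)
        return sid

    def resolve(self, sid: str) -> Tuple[Optional[Session], Optional[str]]:
        """Map a request's cookie to (session, notice). A displaced id gives
        no session plus the notice to render on the login page."""
        notice = self._displaced.pop(sid, None)
        session = self._sessions.get(sid)
        if session is not None:
            session.last_seen = time.time()
        return session, notice

    def active_sessions(self, user: str) -> List[Session]:
        """What a 'your active sessions' page lists: ip, agent, timestamps."""
        return [s for s in self._sessions.values() if s.user == user]

    def revoke_others(self, sid: str) -> int:
        """'Sign out all other sessions', invoked from the current one."""
        current = self._sessions.get(sid)
        if current is None:
            return 0
        others = [s for s in self.active_sessions(current.user) if s.sid != sid]
        for s in others:
            del self._sessions[s.sid]
        return len(others)


if __name__ == "__main__":
    strict = SessionRegistry(single_session=True)
    first = strict.login("alice", "10.0.0.1", "Firefox")
    strict.login("alice", "203.0.113.5", "curl/7.0")      # attacker or new device
    print(strict.resolve(first))                          # (None, notice text)

    relaxed = SessionRegistry(single_session=False)
    home = relaxed.login("bob", "10.0.0.2", "Chrome")
    relaxed.login("bob", "10.0.0.3", "Safari")
    print(len(relaxed.active_sessions("bob")), relaxed.revoke_others(home))
```

Whichever policy is chosen, the notice and the session list are only as trustworthy as the session id itself: the id is regenerated at login and the registry is keyed on that fresh value, so a hijacked pre-login id is never promoted to an authenticated one.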
Copyright 2010, SecurityFocus