Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?

Are you wiling to gamble on the security of you systems?

Join the upcoming CONFidence conference and meet both renown speakers and
specialist

[ more ]  [ reply ]

Good initiative! I feel one of the important element that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced t

[ more ]  [ reply ]

Hi everyone,

A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial (at) hackinthebox (dot) org [email concealed]

Topics of interest include, but are not limited to the following:

Next gen

[ more ]  [ reply ]

The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analy

[ more ]  [ reply ]

Hi everyone,

SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automa

[ more ]  [ reply ]

Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.

Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Securit

[ more ]  [ reply ]

Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from

[ more ]  [ reply ]

Hey folks,

This is just to let you know that there's a new version of Arachni.

Arachni is a modular and high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team co

[ more ]  [ reply ]

Hi all,

I'm going to be in Milan this week.

Not that there are many messages to moderate, but moderation will be
iffy / slow this next week, particularly during the bits where various
planes are flapping their wings and going "whoosh".

Normal moderation service will resume May 5.

thanks,
Andrew

[ more ]  [ reply ]

Hello!

I am currently performing my master thesis on the topic of quantifying the
severity of
software vulnerabilities.

As you have done significant work in this area, I would be glad if you
could spare a few
minutes of your time to answer a survey on the topic. It should not
require more than 1

[ more ]  [ reply ]

Defcon DCG Kerala Information Security Meet 2013
=====================================
Defcon DCG Kerala (DC0497) is a Defcon USA registered group for
promoting and demonstrating research and development in the field of
Information Security. We are a group of Information Security
Enthusiasts activel

[ more ]  [ reply ]

/ _ \ / _ \ |__ \ / _ \/_ |___ ___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_ \ / /| | | || ||__ <
| (__| |_| | (__| |_| | | | | / /_| |_| || |___) |
\___|\___/ \___|\___/|_| |_| |____|\___/ |_|____/

####################################

[ more ]  [ reply ]

Dear all,

This is to announce release of winAUTOPWN version 3.4.
Conceived and released in 2009, WINDOWS AUTOPWN grows strong completing its 4th year.
Visit: http://winautopwn.co.nr

++++++++++++++++++++
About winAUTOPWN:

winAUTOPWN is a unique exploit framework which aids in auto (hackin

[ more ]  [ reply ]

Hope you enjoy it.

http://danuxx.blogspot.com/2013/03/unauthorized-access-bypassing-php-str
cmp.html

--
DanUx

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ more ]  [ reply ]

************************************************************************
*******

PARENTAL ADVISORY: 100% technical content
************************************************************************
*******

+--------------------------------------------------------------+
=

[ more ]  [ reply ]

The 3rd Annual 44CON, held in London, England this September promises to
bring the brightest and best research from around the globe to the
world?s financial centre. We?re looking for speakers, workshops and
training courses to make the event bigger and better than last year. If
you?d like an ac

[ more ]  [ reply ]

[Apologies for multiple copies of this announcement]

= Call for Presentations: OWASP AppSec Research EU 2013 =

The German Chapter of the Open Web Application Security Project
(OWASP) is proud to organize this years' OWASP AppSec Research EU
conference.

OWASP AppSec conferences are the premier

[ more ]  [ reply ]

[Apologies for multiple copies of this announcement]

= Call for Papers: OWASP Research 2013 - Refereed Papers Track =

The German OWASP Chapter will host the OWASP AppSec Europe Research
2013 global conference in beautiful Hamburg, Germany.

Date: August 20-23, 2013
Location: Emporio Hamburg (http

[ more ]  [ reply ]

Defcon Kerala Information Security Meet 2013 Call For Papers

Defcon Kerala (DC0497) is a Defcon USA Registered group for promoting
and demonstrating research and development in the field of Information
Security. We are a group of Information Security Enthusiasts actively
interested in promoting inf

[ more ]  [ reply ]

Hi everyone - This is the FINAL CALL for paper submissions for the 4th
annual HITB Security Conference in Amsterdam, #HITB2013AMS. We're
looking for talks that are highly technical, but most importantly,
material which is new and cutting edge.

Submissions are due BEFORE 8th Feb 23:59 CET

HITB CFP:

[ more ]  [ reply ]

Hi folks,

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated
penetration testing tool for finding vulnerabilities in web
applications.

It is designed to be used by people with a wide range of security
experience and as such is ideal for developers and functional testers
who are new to p

[ more ]  [ reply ]

**************************************************************
Title: Buffalo TeraStation TS-Series multiple vulnerabilities
Version affected: firmware version <= 1.5.7
Vendor: http://www.buffalotech.com/products/network-storage
Discovered by: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com [email concealed]
Web: http

[ more ]  [ reply ]

Happy belated 2013 everyone! This is a gentle reminder that the The
Call for Papers for #HITB2013AMS (the fourth annual HITBSecConf in
Amsterdam) closes on the 8th of February. We're looking for talks that
are highly technical, but most importantly, material which is new and
cutting edge. In short,

[ more ]  [ reply ]

Hey,

The application is a sort of secure payment with NFC. However the tag
is passive (not connected to any network) and it's the mobile app's
responsibility to communicate with the server.
The whole system works with certificates and signatures for
authentication. This implies that the server gene

[ more ]  [ reply ]

Hi,

In my android application I need to save several sensitive files and I
want to encrypt them.
But I have doubts the way to store the key on the device!
The application is protected with PIN code and the is also
communication with the back-end server. But such communication should
be as
less as p

[ more ]  [ reply ]

Hi Group,

I came across a project to check the code that is obfuscated with Pro
guard. I was asked to check that, it is not possible to retrieve the
original code through reverse engineering or any other methods or
tools.
Are there any de-obfuscators available(commercial or opensource) for
JAVA?Any

[ more ]  [ reply ]