Web Application Security
Administrivia: Trouble Ticket Systems subscribing to this list and unsubscribe requests 2014-10-23
Andrew van der Stock (vanderaj greebo net)
Hi there,

I have become aware of a number of you subscribing trouble ticketing
systems to this mail list. Robin (@digininja) has managed to find
someone to start helping us.

I will - with some luck - be getting access to the admin panel, and if
that happens, I will be unsubscribing any trouble tic

Re: Shameless plug: OWASP Board Elections 2014-10-22
Brian Zaugg (bzaugg authentic8 com)
Hear! Hear! I like the idea of making the list more active and useful.
And, a good article on cross-domain policy and CSRF is a great start.

Brian

>
> On Tue, Oct 21, 2014 at 9:01 AM, Robin Wood <robin (at) digi (dot) ninja> wrote:
>>
>> Hi
>> I'd love to see the list going again and getting more use. I thin

unsubscribing from the list 2014-10-22
Robin Wood (robin digininja org) (1 replies)
Seeing as quite a few people have mailed me directly asking to
unsubscribe from the list I want to point to these entries which are
in the headers of every mail sent out by the list.

List-Id: <webappsec.list-id.securityfocus.com>
List-Post: <mailto:webappsec (at) securityfocus (dot) com>
List-Help: <mailto:we

Re: unsubscribing from the list 2014-10-22
Andrew van der Stock (vanderaj greebo net)
Shameless plug: OWASP Board Elections 2014-10-21
Andrew van der Stock (vanderaj greebo net) (1 replies)
Hi there,

Apologies for complete self interest where the list admin (me) pushes
a personal interest (OWASP). However, I believe the Open Web
Application Security Project is on topic for the web application
security mail list, and I wouldn't normally do it (you can check -
I've been moderator since

Re: Shameless plug: OWASP Board Elections 2014-10-21
Robin Wood (robin digi ninja) (1 replies)
Re: Shameless plug: OWASP Board Elections 2014-10-22
maestro (7h3 m43s7r0 gmail com)
CFP COMCOM, Elsevier: Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due October 31, 2014 2014-10-20
Georgios Karopoulos (georgios karopoulos gmail com)
[Apologies if you receive multiple copies of this message]

========================================================================

*Call for Papers*

Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)

Special Issue on:
Security and Privacy in Unified Communications: Challen

CFP COMCOM, Elsevier: Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due October 31, 2014 2014-10-07
Georgios Karopoulos (georgios karopoulos gmail com)
[Apologies if you receive multiple copies of this message]

========================================================================

*Call for Papers*

Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)

Special Issue on:
Security and Privacy in Unified Communications: Challen

OWASP Xenotix XSS Exploit Framework v6 Released 2014-09-15
Ajin Abraham (ajin25 gmail com)
Hi All,
Xenotix provides Zero False Positive XSS Detection by
performing the Scan within the browser engines where in real world,
payloads get reflected. Xenotix Scanner Module is incorporated with 3
intelligent fuzzers to reduce the scan time and produce better
results. If you really don't

t2'14 Challenge to be released 2014-09-13 10:00 EEST 2014-09-07
Tomi Tuominen (tomi tuominen t2 fi)
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications stopped and we have to assume her new assignment is a permanent pla

Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework) 2014-08-29
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which mak

IJDSN - Special Issue on Research Advances in Security and Privacy for Smart Cities 2014-08-07
Georgios Kambourakis (gkamb aegean gr)
International Journal of Distributed Sensor Networks (IF 0.923)
Special Issue on Research Advances in Security and Privacy for Smart Cities

*** SUBMISSION DEADLINE EXTENDED TO Sept. 19, 2014 ***

Security for smart cities is considered to embrace both urban security
subsystems and infrastructure s

nullcon CFP is open 2014-08-06
nullcon (nullcon nullcon net)
Dear Security Gurus,

6th year | CFP opens on 6th Aug 2014 | conference on 6th Feb 2015.

Welcome to nullcon 666! Bring out the beast in you.
http://en.wikipedia.org/wiki/666_(number)

we are happy to open the CFP. Time to tickle your gray cells and
submit your research.
Training: 4th-5th Feb 2015
C

6 new vulnerabilities 2014-07-29
Mark Litchfield123 (mark securatary com)
I have released details of six new Bug Bounty vulnerabilities, 5 of
which resulted in total payouts of $33,217.00. Usual write-ups with step
by step screenshots detailed.

I have chosen to move the content from securatary.com to now be hosted
on https://www.uzbey.com/bbp-funding the reasons for

Ruxcon 2014 Final Call For Presentations 2014-07-15
cfp ruxcon org au
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October

IJDSN SI on Research Advances in Security and Privacy for Smart Cities 2014-07-12
Georgios Kambourakis (gkamb aegean gr)
*Deadline is approaching*

International Journal of Distributed Sensor Networks (Impact factor: 0.727)
*Special Issue on Research Advances in Security and Privacy for Smart
Cities*
Online version of CFP: http://www.hindawi.com/journals/ijdsn/si/239803/cfp/

Security for smart cities is considered to

t2'14: Call for Papers 2014 (Helsinki / Finland) 2014-05-19
Tomi Tuominen (tomi tuominen t2 fi)
#
# t2'14 - Call For Papers (Helsinki, Finland) - October 23 - 24, 2014
#

Do you feel like Las Vegas is too hot, Berlin too bohème, Miami too humid, Singapore too clean and Pattaya just totally confusing? No worries! Helsinki will be the perfect match for you - guaranteed low temperature, high

Re: Worst news story I have ever read 2014-05-16
Mark Litchfield (mark securatary com)
Update - SCMagazine (Steve Gold) has kindly removed the story. Thank you.

Also thanks to everyone that responded directly to me.

All the best

Mark


Worst news story I have ever read 2014-05-15
Mark Litchfield (mark securatary com)
Worst article I have ever read, would expect a lot better from SC
Magazine. At least understand what you are writing about !!

http://www.scmagazineuk.com/make-money-from-paypal--but-not-legally/article/347142/

"Mark Litchfield, a researcher with Securatary, meanwhile, says he has
spotted a simil

PayPal Manager Admin Account Hijack 2014-05-15
Mark Litchfield (mark securatary com) (1 replies)
Hi All,

I have just released a new vulnerability at
http://www.securatary.com/vulnerabilities outlining a hack on
http://manager.paypal.com that in the end allowed full admin access.

PayPal were very quick to fix this issue, so nice job PayPal Security /
Engineering team

--
All the best

Mark

Re: PayPal Manager Admin Account Hijack 2014-05-15
Daniel Kester (dekester usgs gov)
Breakpoint 2014 Call For Presentations 2014-05-07
cfp ruxcon org au
Breakpoint 2014 Call For Papers
Melbourne, Australia, October 8th-9th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2014.

Breakpoint showcases the work of expert security researchers from a

Ruxcon 2014 Call For Papers 2014-05-05
cfp ruxcon org au
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th
of October at the CQ Function Cent

SpiderFoot 2.1.4 released 2014-04-28
Steve Micallef (steve binarypool com)
Hi all,

SpiderFoot 2.1.4 is now available, and will be the last enhancement
release on the 2.1 branch as I focus on 2.2. SpiderFoot is an open
source footprinting and intelligence gathering tool, written in Python
and runs on Linux, *BSD and Windows.

Since 2.1.0 was announced here in January, t

OWASP ZAP 2.3.0 2014-04-10
psiinon (psiinon gmail com)
Hi folks,

OWASP ZAP 2.3.0 is now available :
http://code.google.com/p/zaproxy/wiki/Downloads?tm=2

Quick summary of the main changes:

* A ZAP 'lite' version in addition to the existing 'full' version
* View, intercept, manipulate, resend and fuzz client-side (browser) events
* Enhanced authenticat

Re: Web Application Vulnerability Categorization 2014-04-02
m@d m0nk (th3madm0nk gmail com)
Thank you guys - got the idea.

On Wed, Apr 2, 2014 at 7:10 PM, Eric Schultz <fire0088 (at) gmail (dot) com> wrote:
> It's important to note that you described two different findings.
>
> 1. Password recovery is brute-forceable. If you stuck with OWASP, the broken
> auth category is the best fit. Check if your

Re: Web Application Vulnerability Categorization 2014-04-01
Seth Art (sethsec gmail com) (1 replies)
m0nk,

This CWE fits pretty closely: CWE-640: Weak Password Recovery
Mechanism for Forgotten Password -
http://cwe.mitre.org/data/definitions/640.html

-Seth

On Tue, Apr 1, 2014 at 2:24 PM, Seth Art <sethsec (at) gmail (dot) com> wrote:
> m0nk,
>
> This CWE fits pretty closely: CWE-640: Weak Password Recovery

Re: Web Application Vulnerability Categorization 2014-04-02
Dave Ferguson (gmdavef gmail com)
Web Application Vulnerability Categorization 2014-04-01
m@d m0nk (th3madm0nk gmail com)
Hello Team,

Greetings!!!.

I have a web app with a password recovery option. There is a secret
question and if the user enters the correct answer to the secret
question, the username and password is provided to the user.

If the password recover page / module allows multiple tries
(brute-force and

Copyright 2010, SecurityFocus