Web Application Security
Re: out of box scanner 2009-12-01
Lawrence Pingree (ntpeck yahoo com)
Rapid 7 is better, nothing stored off site.

Best Regards,

Lawrence Pingree

On Nov 30, 2009, at 9:52 PM, Erik Ilves <green.boy (at) mail (dot) ee [email concealed]> wrote:

Hey John,

I haven't evaluated myself because I love my Nessus scanner, but I've heard good things about http://www.qualys.com/

B r,

Erik

On 25.11.200

Complex applications security testing framework 2009-11-28
Marat VYSHEGORODTSEV (marat vyshegorodtsev gmail com) (1 replies)
Hello, web security researchers!

There is a well-known methodology for auditing security of web
applications called OWASP Testing Guide [0], but it describes testing
procedures for only web applications, not for, like, complex
applications (for example, containing application servers, application
gat

Re: Complex applications security testing framework 2009-11-29
chr1x (chr1x sectester net) (1 replies)
Re: Complex applications security testing framework 2009-11-29
Marat VYSHEGORODTSEV (marat vyshegorodtsev gmail com)
out of box scanner 2009-11-25
John Bennett (john glitterpants org) (2 replies)
I'm currently evaluating some commercial scanners and wanted to get a
feel for others' experiences with appscan/cenzic/webinspect. Any
gotchas with any of these products, and can anybody recommend one over
the other?

thanks,
John

Re: out of box scanner 2009-12-01
Erik Ilves (green boy mail ee)
Re: out of box scanner 2009-11-26
Jon Kibler (Jon Kibler aset com) (1 replies)
Re: out of box scanner 2009-11-26
Brian Shura (bshura73 gmail com)
Replicating the Gonzalez Cyber Attacks through Penetration Testing 2009-11-21
Core Security (sfa securityfocus com)
--------------------------------------------------------------------------------
YOU'RE INVITED: IT SECURITY ON DEMAND WEBCAST

"Replicating the Gonzalez Cyber Attacks through Penetration Testing"
Register: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
--------------------

winAUTOPWN 2.0 - Introducing winAUTOPWN GUI - Now you can sleep 2009-11-03
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

After a long break and a lot of Unpolished SITA releases of the previous version,
I am finally releasing winAUTOPWN version 2.0

winAUTOPWN or WINDOWS AUTOPWN version 2.0 now has a GUI (winAUTOPWN_GUI.exe) to initiate the main
console winAUTOPWN.exe
winAUTOPWN now supports all console ar

Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities 2009-10-15
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Application: Snitz Forums 2000
Version affected: 3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com [email concealed]
Web: http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
****************

[BONSAI] XSS in Achievo - Customized XSS payload included 2009-10-13
Bonsai - Information Security (advisories bonsai-sec com)
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/

Multiple XSS in Achievo

1. *Advisory Information*

Title: Multiple XSS in Achievo
Advisory ID: BONSAI-2009-0101
Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/ach

[AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities 2009-10-13
Michele Orru (antisnatchor gmail com)
Pentaho 1.7.0.1062 Multiple Vulnerabilities

 Name Multiple Vulnerabilities in Pentaho
 Systems Affected Pentaho <= 1.7.0.1062
 Severity High
 Impact (CVSSv2) High 7/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
 Vendor http://www.pentaho.com
 Advisory http://antisnatchor.com/2009/06/20/pentaho-1701062-m

[BONSAI] SQL Injection in Achievo 2009-10-13
Bonsai - Information Security (advisories bonsai-sec com)
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/

SQL Injection in Achievo

1. *Advisory Information*

Title: SQL Injection in Achievo
Advisory ID: BONSAI-2009-0102
Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/ac

[AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS 2009-10-13
Michele Orru (antisnatchor gmail com)
Eclipse BIRT <= 2.2.1 Reflected XSS

Vendor: Eclipse
Advisory: http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/
Author: Michele "euronymous" Orrù (euronymous AT antisnatchor DOT com)

Quite a common problem in a lot of Java based applications: reflected
XSS in Java stack trace.

A Ref

WASC Announcement: 2008 Web Application Security Statistics Published 2009-10-16
announcements webappsec org

The Web Application Security Consortium (WASC) is pleased to announce
the WASC Web Application Security Statistics Project 2008. This
initiative is a collaborative industry wide effort to pool together
sanitized website vulnerability data and to gain a better understanding
about the web application

WASC Announcement: Announcing the Web Application Security Scanner Evaluation Criteria v1 2009-10-08
announcements webappsec org


The Web Application Security Consortium is pleased to announce the release
of version 1 of the Web Application Security Scanner Evaluation Criteria
(WASSEC). The goal of the WASSEC project is to create a vendor-neutral
document to help guide information security professionals during web
applicati

FBController - (Facebook Control Utility) version 2.0 2009-09-15
QUAKER DOOMER (quakerdoomer inbox lv)
FBController - The Ultimate Utility to Control Facebook accounts without the
Password.

Let me clear this again like last time that this utility WON'T hack/crack Facebook accounts.
The utility will need biscuits/cookies instead of the password.

Get the target's cookie by sniffing, XSS, social engi

How to enable LDAP signing on client side 2009-09-14
Jianrong Yu (yuj ohio edu) (1 replies)
Hi All,

The link <http://support.microsoft.com/kb/935834> is the step the How to
enable LDAP signing in Windows Server 2008.

How to enable LDAP signing on client side?

Thanks,

Jianrong Yu
Systems Operation
Office of Information technology
Ohio University

Re: How to enable LDAP signing on client side 2009-09-15
Peter M. Jansson (petej clickvision com)
Running ratproxy from windows command prompt without installing cygwin 2009-09-10
dec123 (amit vasant lionbridge com)

Hi,
Can anybody tell me how to run ratproxy from the Windows command prompt, without
installing cygwin?
--
View this message in context: http://www.nabble.com/Running-ratproxy-from-windows-command-prompt-without-installing-cygwin-tp25380915p25380915.html
Sent from the Web App Security mailing list archi

nullcon Goa 2010 Call For Papers 2009-09-13
nullcon nullcon (nullcon nullcon net)
Calling all greyhats, whitehats, blackhats, rainbowhats, nohats,
underground, aboveground, in-the-sky, on-the-moon, Grannies,
Grandpas, martians, Doodhwalas, Kaamwalis, Bai, Bhai, Chuck norris Fans,
Mithun Da Fans, Himesh Reshamiya wannabees??..

Call For Paper is officially open for nullcon Goa 201

Web 2.0 support group 2009-09-09
Steven M. Christey (coley linus mitre org) (1 replies)

So I've been an observer of the "Web 2.0 is a security nightmare" camp
with the occasional head nods and detached agreement, being enough of a
generalist that I didn't have anything to add to the alarms raised by the
specialists. Where is the support group for those who have recently
realized just

Re: Web 2.0 support group 2009-09-09
Steve Pinkham (steve pinkham gmail com) (1 replies)
Re: Web 2.0 support group 2009-09-09
Catherine Pagliaro (cc csfm com)
Copyright 2009, SecurityFocus