Web Application Security
(Page 6 of 330)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Penetration tests and social engineering? 2012-11-05
Pent (dawid redyk software com pl)

Hey there
I'm sending a free issue of PenTest Magazine; all specialists should check it
to ensure they know everything on the topic :)
It's free: http://pentestmag.com/special/socialengise.php PenTest Magazine

If anyone has any questions, please feel free to ask; we can discuss on
the forum.

Best Rega

security standards 2012-11-05
Svejk It (svejkit gmail com)
Hi,
If an organisation is looking to purchase or subscribe to a web
application service, are there any security standards it can request
the supplier to conform to? For example, it may like to have some
assurance that SQL injection is not possible. If so, are these
standards widely adopted?
Or, if t

Burp Suite Free Edition v1.5 released 2012-11-02
PortSwigger support (support portswigger net)
Burp Suite Free Edition v1.5 is now available to download from
http://portswigger.net/

This is a significant upgrade with a wealth of new features added since
v1.4, most notably:

* Completely new user interface with numerous usability enhancements.

* Several new Proxy listener options, to deal wi

OWASP Zed Attack Proxy: Weekly releases 2012-10-22
psiinon (psiinon gmail com)
Hi folks,

Just a quick email to let you know that we are now generating weekly
OWASP ZAP releases.
These are just intended for people who want to use all of the features
we've added since 1.4.* but don't want the hassle of building ZAP from
the source code.
While we endeavor to ensure that weekly re

CarolinaCon-9 / 2013 - Call for Presenters/Speakers 2012-10-11
Vic Vandal (vvandal well com)
h4x0rs, InfoSec professionals, g33k girls, international spies, and script kidz,

CarolinaCon-9 will occur on March 15th-17th 2013 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are somewhat knowledgeable in any interesting field of hac

Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution 2012-10-04
Ivan Ristic (ivan ristic gmail com) (1 replies)
I guess this would be a good opportunity for me to mention my research
on the topic:

Protocol-level evasion of web application firewalls
http://blog.ivanristic.com/2012/07/protocol-level-evasion-of-web-application-firewalls.html

On Wed, Oct 3, 2012 at 10:55 AM, Danux <danuxx (at) gmail (dot) com [email concealed]> wrote:
> B

Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution 2012-10-08
Robin Wood (robin digininja org) (1 replies)
Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution 2012-10-08
Ivan Ristic (ivan ristic gmail com) (1 replies)
RE: [WEB SECURITY] Bypassing WAF via HTTP Pollution 2012-10-08
Dave Wichers (dave wichers aspectsecurity com) (1 replies)
Re: [WEB SECURITY] Bypassing WAF via HTTP Pollution 2012-10-08
Rcbarnett (rcbarnett gmail com)
Bypassing WAF via HTTP Pollution 2012-10-03
Danux (danuxx gmail com)
By playing CSAW CTF you always learn something new (at least myself).

Hope you enjoy it:

http://danuxx.blogspot.com/2012/10/bypassing-waf-via-http-parameter.html

--
DanUx

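
The thread above only links to the write-ups, so here is an added, self-contained illustration of the parameter-pollution evasion the thread title names. This is editorial example code, not Danux's or Ivan Ristic's; the WAF signature is a toy, and the backend models the comma-joining of repeated parameters that ASP.NET's Request.QueryString performs. The query string is constructed for the example.

```python
import re
from urllib.parse import parse_qsl

# Constructed request: the injection is split across repeated "id" parameters.
# Each fragment opens or closes a /* */ comment so that the commas a joining
# backend inserts between duplicates end up inside comments and vanish.
CONSTRUCTED_QUERY = (
    "id=1/**/union/*&id=*/select/*&id=*/password/*&id=*/from/*&id=*/users"
)

# Toy WAF signature: "union" followed by "select" inside one inspected string.
WAF_RULE = re.compile(r"union\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def parse_params(query):
    """Decoded (name, value) pairs in wire order; duplicates are preserved."""
    return parse_qsl(query, keep_blank_values=True)


def waf_blocks_per_value(query):
    """A WAF that inspects every parameter occurrence on its own.
    No single fragment contains both keywords, so nothing fires."""
    return any(WAF_RULE.search(value) for _, value in parse_params(query))


def backend_join_duplicates(query, sep=","):
    """Backend model: repeated names are concatenated with a separator
    (assumption for the example: comma, as ASP.NET does)."""
    merged = {}
    for name, value in parse_params(query):
        merged[name] = value if name not in merged else merged[name] + sep + value
    return merged


def effective_sql(value):
    """Drop /* ... */ comments and collapse whitespace to show the statement
    fragment the SQL engine actually evaluates after the join."""
    without_comments = re.sub(r"/\*.*?\*/", " ", value, flags=re.DOTALL)
    return re.sub(r"\s+", " ", without_comments).strip()


def waf_blocks_after_join(query):
    """The same rule applied the way the backend sees the data does fire:
    the WAF must normalise like the application it protects."""
    return any(
        WAF_RULE.search(effective_sql(v))
        for v in backend_join_duplicates(query).values()
    )


if __name__ == "__main__":
    joined = backend_join_duplicates(CONSTRUCTED_QUERY)["id"]
    print("per-value WAF blocks:", waf_blocks_per_value(CONSTRUCTED_QUERY))
    print("backend sees:        ", joined)
    print("effective SQL:       ", effective_sql(joined))
    print("join-aware WAF blocks:", waf_blocks_after_join(CONSTRUCTED_QUERY))
```

The point to take from it is the impedance mismatch: the WAF and the backend parse the same bytes differently, and every such difference (duplicate handling, encoding, separator choice) is a candidate evasion.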
winAUTOPWN v3.2 Released 2012-10-03
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.2

A complete list of all Exploits in winAUTOPWN is available inside MISC\CHANGELOG.TXT
A complete list of User Interface changes is available in MISC\UI_CHANGES.txt

BSDAUTOPWN has been compiled, like always for various flavour

Arachni v0.4.1 has been released (Open Source Web Application Security Scanner Framework) 2012-10-03
Tasos Laskos (tasos laskos gmail com)
Hey folks,

This is just to let you know that there's a new version of Arachni.

Arachni is a modular and high-performance (Open Source) Web Application
Security Scanner Framework written in Ruby.

The change-log is quite sizable but the gist is:
* License change, Apache License v2.
* Additio

nullcon Goa 2013 Call For Papers/Events 2012-09-05
nullcon (nullcon nullcon net)
CALL FOR PAPERS/EVENTS
IDEATE, INVENT, INNOVATE
++++++++++++++++++++++

Hello! Aloha! Namaskar! Ni Hau! Guten Tag! Privet! Salam-wale-kum!
Hej! Ahoj! Bonjour! Terve! Ciao! Konnichiva! Selamat! Barev! Jum Reap
Sour! Selamat! ahnnyeong ha se yo! Salvete! Moien! Selamat datang!
Bonswa! sain baina uu! K

QNAP Turbo NAS Multiple Path Injection 2012-09-04
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Vulnerability: Multiple Path Injection
Product: QNAP Turbo NAS
Vendor: QNAP
Version affected: <= 3.7.3 build 20120801
Status: Unpatched
Website: http://web.qnap.com/pro_detail_feature.asp?p_id=202
Discovered by: Andrea Fabrizi
Email: and

t2'12: Challenge to be released 2012-09-01 10:00 EEST 2012-08-29
Tomi Tuominen (tomi tuominen t2 fi)
It is that time of the year again - we're pleased to announce the
release of the t2'12 Challenge!

This year's challenge starts from the homepage of a young woman who is
rumored to be the girlfriend of an infamous carder. To solve the
challenge, the participants need to step into investigator'

WATOBO 0.9.9 release 2012-08-16
Andreas Schmidt (webappsec siberas de)
Hi everybody,

I've just pushed the final release of WATOBO 0.9.9 to rubygems.org.

= WATOBO - The Web Application ToolBox
WATOBO is intended to enable security professionals to perform
(semi-automated) web application security audits and penetration tests.

== NEWS
* Transparent Proxy Mode ->
htt

Administrivia: Out of office replies 2012-08-15
Andrew van der Stock (vanderaj greebo net)
Can folks please ensure that their e-mail systems do not process out
of office replies to the mail list.

As moderator, I get them and they go straight to /dev/null. Please
hope that I don't approve any, or else everyone will know that only
your cat is home. :)

thanks,
Andrew

Password Blacklist 2012-08-14
Reed Black (reed unsafeword org) (3 replies)
Can anyone recommend a good password dictionary, preferably one where
the author speaks to the method of its construction?

As part of our authentication system, I want to blacklist the most
commonly used passwords. I searched for dictionaries for use with John
the Ripper, hoping to use one of these

Re: Password Blacklist 2012-08-15
Nick Galbreath (nickg client9 com)
Re: Password Blacklist 2012-08-15
Per Thorsheim (per thorsheim net) (1 replies)
Re: Password Blacklist 2012-08-15
Reed Black (reed unsafeword org) (2 replies)
Re: Password Blacklist 2012-08-15
Per Thorsheim (per thorsheim net) (1 replies)
Re: Password Blacklist 2012-08-16
Snipe (snipe snipe net)
RE: Password Blacklist 2012-08-15
Nigel Ball (Nigel K Ball dsl pipex com)
Re: Password Blacklist 2012-08-15
Andrew van der Stock (vanderaj greebo net)
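
As an added example for the check Reed Black describes (not code from the thread), here is a blacklist loader and lookup that reads a wordlist in the format of John the Ripper's password.lst ("#!comment:" header lines, one candidate per line) and normalises both the list and the candidate before comparing. The wordlist below is a tiny constructed sample; the leet-speak mapping and the trailing-digit stripping are design choices for this example.

```python
import re

# Constructed sample in john's password.lst layout; a real list is much longer.
CONSTRUCTED_WORDLIST = """\
#!comment: constructed sample for illustration, ordered by rough frequency
#!comment: real lists carry tens of thousands of entries
123456
password
qwerty
letmein
Passw0rd
iloveyou
"""

# Common character substitutions, mapped back to letters so "P@ssw0rd" is
# judged as "password". Assumption for the example, not an exhaustive table.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(password):
    """Canonical form: case-folded, with any trailing run of digits and
    symbols removed, so 'Password123!' reduces to its core 'password'.
    An all-digit or all-symbol string is kept as is."""
    core = password.strip().casefold()
    return re.sub(r"[\d\W_]+$", "", core) or core


def load_blacklist(text):
    """Parse wordlist text into a set of normalised cores, each also stored
    with leet substitutions undone."""
    words = set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#!comment:"):
            continue
        core = normalise(line)
        words.add(core)
        words.add(core.translate(LEET))
    return words


def is_blacklisted(candidate, blacklist):
    """True if the candidate's core, directly or with leet undone, is listed."""
    core = normalise(candidate)
    return core in blacklist or core.translate(LEET) in blacklist


if __name__ == "__main__":
    bl = load_blacklist(CONSTRUCTED_WORDLIST)
    for pw in ["Password123!", "P@ssw0rd", "letmein2012", "correct horse battery staple"]:
        print(f"{pw!r:40} blacklisted={is_blacklisted(pw, bl)}")
```

Normalising the list once at load time keeps the per-login check to two set lookups. The blacklist is one gate among several: it says nothing about length or entropy, so an all-digit candidate that is not on the list still needs the usual minimum-length and rate-limiting rules.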
Parameter name injection - Not tested by WebInspect 9.x 2012-08-09
Danux (danuxx gmail com) (1 replies)
Old technique but still out of testers' radar. Ninety-nine percent
(99%) of tools concentrate on identifying and injecting malicious code
into parameter values, and 99% of developers concentrate on HTML-encoding
parameter values, especially to prevent client-side attacks,
but what about parameter nam

RE: Parameter name injection - Not tested by WebInspect 9.x 2012-08-09
Dafydd Stuttard (dafydd stuttard portswigger net)
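
An added example of the gap Danux's post points at (editorial code, not from the post or from WebInspect): a page that lists unexpected parameters encodes every value but reflects the parameter names raw, next to the fixed version and a small name check of the kind a scanner would need. The request below is constructed; the page logic and the allowed-name pattern are assumptions for the example.

```python
import html
import re
from urllib.parse import parse_qsl

# Constructed request: the payload sits in the parameter NAME, the value is benign.
CONSTRUCTED_REQUEST = "user=alice&%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E=1"

# Names the hypothetical handler expects; anything else is reported back.
EXPECTED_NAMES = {"user"}

# Assumed shape of a legitimate parameter name for the scanner-style check.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.\-\[\]]+")


def unknown_params(query):
    """Decoded (name, value) pairs whose name the handler does not expect."""
    return [(n, v) for n, v in parse_qsl(query, keep_blank_values=True)
            if n not in EXPECTED_NAMES]


def unknown_parameter_page_vulnerable(query):
    """Values are HTML-encoded, names are not: this is the hole."""
    rows = "".join(f"<li>{n}={html.escape(v)}</li>" for n, v in unknown_params(query))
    return f"<p>Unknown parameters:</p><ul>{rows}</ul>"


def unknown_parameter_page_fixed(query):
    """Both halves of every pair are encoded before reaching the markup."""
    rows = "".join(f"<li>{html.escape(n)}={html.escape(v)}</li>"
                   for n, v in unknown_params(query))
    return f"<p>Unknown parameters:</p><ul>{rows}</ul>"


def suspicious_parameter_names(query):
    """What a tester's tooling should flag: decoded names that do not look
    like identifiers. Tools that only mutate values never see these."""
    return [n for n, _ in parse_qsl(query, keep_blank_values=True)
            if not SAFE_NAME.fullmatch(n)]


if __name__ == "__main__":
    print(unknown_parameter_page_vulnerable(CONSTRUCTED_REQUEST))
    print(unknown_parameter_page_fixed(CONSTRUCTED_REQUEST))
    print(suspicious_parameter_names(CONSTRUCTED_REQUEST))
```

The same rule applies wherever names end up: in error messages, log viewers, generated SQL column references or hidden form fields, the name is attacker-controlled input and gets the same output encoding as the value.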
[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions 2012-08-09
Hafez Kamal (aphesz hackinthebox org)
This is a call for article submissions for Issue 009 of HITB's quarterly
magazine - http://magazine.hitb.org/ which will be released alongside
#HITB2012KUL - The 10 year anniversary of the HITB Security Conference
series in Malaysia.

HITB Magazine is a deep-knowledge technical publication and we ar

Re: Testing Webservices ASMX 2012-08-06
Arvind (arvind doraiswamy gmail com)
Forwarding to the list..

> Thanks Kevin... I didn't... no. Largely I kind of ran out of time. So when
> I saw that I could not break out of the XML tags, I kind of gave up on
> it. Are you saying, though, that even though you can't break out of tags, by
> say closing them, you can still inject data using th

Copyright 2010, SecurityFocus