Web Application Security Mode:
(Page 10 of 331)
SANS AppSec 2012 CFP reminder 2011-12-02
SANS AppSec CFP (callforpapers-appsec sans org)
Hi everyone,

It's been over a month since we first announced the CFP for the SANS
AppSec Summit being held in Las Vegas, Nevada on April 30 - May 1, 2012.

We've received a number of great submissions so far but there's only two
months left until the deadline on February 1, 2012. If you'd like to

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011 2011-12-02
Dragos Ruiu (dr kyx net)
So after a dozen years or so organizing conferences, you
get the urge to pull levers and try experimenting with
things. So this year I sent out the CanSecWest CFP
only over Twitter, and G+ publicly. Just curious as to the
adoption and information dispersion rate, and some
estimate of the attent

different ways to use INTO OUTFILE in MySQL 2011-11-25
Robin Wood (robin digininja org)
Hi
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:

select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";

But I've always used:

select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";

Both end up wi

CarolinaCon-8 (2012) Call for Papers/Presenters/Speakers 2011-11-21
Vic Vandal (vvandal well com)
CarolinaCon-8/2012 - Call for Papers/Presenters/Speakers

h4x0rs, InfoSec professionals, international spies, script kidz, and posers,

CarolinaCon-8 will occur on May 11th-13th 2012 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are s

Understanding the four attack modes in Burp Intruder 2011-11-09
Robin Wood (robin digininja org)
Seeing as I have to think about which mode does what when using Burp
Intruder I decided to do a blog post about it to hopefully solidify it
in my mind and help anyone else who wasn't sure:

http://www.digininja.org/blog/burp_intruder_types.php

Robin

New w3af release! (1.1) 2011-11-10
Andres Riancho (andres riancho gmail com)
Guys,

Today we're releasing version 1.1 of w3af which includes the
following changes:

* Considerably increased performance by implementing gzip encoding
* Enhanced embedded bug report system using Trac's XMLRPC
* Fixed hundreds of bugs
* Fixed critical bug in au

MSIS research 2011-11-10
Steve Sirag (stevesirag gmail com)
Hi,

My name is Steve Sirag. I'm studying for my Master's of Science in
Information Systems (emphasis on security).

My final research project is to discover the limits corporate
networks place on social networking applications, and

how it compares to online and print discussions of the same.

WordPress All Versions Full Path Disclosure (FPD) 2011-11-08
Ryan Dewhurst (ryandewhurst gmail com)
Hi,

As part of my research on my tool WPScan, I have run the inspathx tool
against every version of WordPress released, excluding BETA and MU
releases.

The result is this tar file which contains a txt file for every
version of WordPress and the Full Path Disclosure vulnerabilities
which affect the

Re: SMS protection 2011-10-29
Marcel Tudorache (marceltudorache yahoo com)
Hi Nick,

Thank you for your answer.
It would be interesting to know why you think that it couldn't be used for online banking?

What I like about the SMSes as compared to the cryptographic tokens, is that you can receive the transaction details on your GSM which should be safer than via the email

Re: outlook web access authentication 2011-10-26
Neil McAllister (neilmca2011 gmail com)

I think it's critical to secure outward facing applications such as OWA, or
SharePoint! We used deepnet security dualshield to lock down all our IIS7
applications as well as terminal services, rdp and vpn connections etc. I would
recommend deepnet security. Their dualshield platform will secure OWA,
Sh

SANS AppSec 2012 CFP is Open 2011-10-26
SANS AppSec CFP (callforpapers-appsec sans org)
Hi everyone,

We're happy to announce that the sixth annual SANS AppSec Summit will be
held in Las Vegas, Nevada on April 30 - May 1, 2012.

The theme for this conference is "Application Security at Scale".

Billions of records in the cloud. Millions of smart mobile devices.
Millions of developers

AppSec DC 2012 - Call for Trainers 2011-10-24
AppSec DC (cfp appsecdc org)
Colleagues,

OWASP is currently soliciting training providers for the OWASP AppSec
DC 2012 regional conference that will take place at the Walter E.
Washington Convention Center (801 Mount Vernon Place NW Washington, DC
20001) on April 2nd through 5th of 2012.  The theme for this year's
conference i

Agnitio Security Code Review Tool v2.1 released 2011-10-24
David Rook (david a rook gmail com)
Hi,

I've released an update to Agnitio which I hope will help people
carry out security focused code reviews and find vulnerabilities in the
source code they are reviewing.

The major changes in v2.1 are listed below:

1) Windows x64 support

2) Automatically decompile Android .apk application to ea

SMS protection 2011-10-21
Marcel Tudorache (marceltudorache yahoo com) (4 replies)
Hi,

I was wondering how secure is an SMS to be used as authentication/transaction signing means for an application similar to online banking.

To make the analysis more targeted the following assumptions are made:
- I understand that the new smartphones can get viruses, but I would like to analy

Re: SMS protection 2011-10-25
Fyodor (fygrave gmail com) (1 replies)
Re: SMS protection 2011-10-29
Marcel Tudorache (marceltudorache yahoo com)
Re: SMS protection 2011-10-25
Francois Yang (francois y gmail com)
RE: SMS protection 2011-10-25
Jesse Mundis (jesse voltage com)
Re: SMS protection 2011-10-25
Robin Wood (robin digininja org)
AppSec DC 2012 CFP is OPEN! 2011-10-12
AppSec DC (cfp appsecdc org)
Colleagues,

Building on the success of AppSec DC 2010 and 2009, OWASP is pleased
to announce the next OWASP AppSec DC conference. The theme for this
year's conference is "OWASP - Not just webapps anymore" to reflect the
new and revised scope of OWASP to include all application security
issues inst

Concrete5 <= 5.4.2.1 SQL Injection and XSS Vulnerabilities 2011-10-04
Ryan Dewhurst (ryandewhurst gmail com)
# Exploit Title: Concrete5 <= 5.4.2.1 SQL Injection and XSS Vulnerabilities
# Date: 2011-10-04
# Author: Ryan Dewhurst (ryandewhurst at gmail) (@ethicalhack3r)
(www.ethicalhack3r.co.uk)
# Software Link:
http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/
# Version: 5.4.2.1 (tested)

new tool, File Disclosure Browser 2011-09-27
Robin Wood (robin digininja org)
Hi
I've released a new tool, the File Disclosure Browser. The app takes
.DS_Store files found on websites and parses through them to find a
list of all potential files in the directory. It can then either just
display the URLs for the files or if you give it a proxy it can browse
to the files itself

Re: new tool, File Disclosure Browser 2011-09-27
Robin Wood (robin digininja org)
Take two on the URL:

http://www.digininja.org/projects/fdb.php

Robin

On 27 September 2011 13:40, Robin Wood <robin (at) digininja (dot) org> wrote:
> Hi
> I've released a new tool, the File Disclosure Browser. The app takes
> .DS_Store files found on websites and parses through them to find a
> list of all

winAUTOPWN v2.8 - Released with mod_shellcode for Reverse Shell and other OS Shellcodes 2011-09-28
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 2.8
This version covers almost all remote exploits up till September 2011 and a few older ones as well.

Also added in this release are a few ruby exploits which require 'socket' alone for interpretation. Gee-Hence,
winAUTOPWN now require

RE: Should or shouldn't block public ping to a website 2011-09-14
Martin O'Neal (martin oneal corsaire com)

> I think the point of a number of previous posters
> is that there ARE requirements for certain of the
> ICMP subcodes in order for the Internet to work
> properly - ICMP Do not fragment being one which
> is required for Path MTU discovery, for example.
> Stuff still works without it, but not

RE: Should or shouldn't block public ping to a website 2011-09-12
Martin O'Neal (martin oneal corsaire com)

> ICMP redirect could be used.

I would be surprised if any router would propagate ICMP redirect either
off or onto the local network...

> ICMP offers limited benefits

Agreed. Same as for all protocols; if it isn't explicitly required, then
switch it off.

Martin...

Copyright 2010, SecurityFocus