Web Application Security Mode:
OWASP Vulnerable Web Applications Directory Project 2013-10-18
psiinon (psiinon gmail com)
The OWASP Vulnerable Web Applications Directory (VWAD) Project is a
comprehensive and well maintained registry of all known vulnerable web
applications currently available. These vulnerable web applications
can be used by web developers, security auditors and penetration
testers to put in practice t

OWASP Xenotix XSS Exploit Framework 4.5 is Released 2013-10-15
Ajin Abraham (ajin25 gmail com)
Hello,
OWASP Xenotix XSS Exploit Framework V4.5 is Released.

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site
Scripting (XSS) vulnerability detection and exploitation framework. It
provides Zero False Positive scan results with its unique Triple
Browser Engine (Trident, WebKit

ImmuniWeb® Self-Fuzzer 2013-10-02
ImmuniWeb® Self-Fuzzer (self-fuzzer htbridge com)
ImmuniWeb® Self-Fuzzer is a simple Firefox browser extension designed to
detect Cross-Site Scripting (XSS) and SQL Injection vulnerabilities in
web applications.

It demonstrates how rapidly and easily these two most common types of
web vulnerabilities can be found even by a person who is not fa

Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-09-14
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use less resources by grouping patterns to only
be matched against the per-platform pay

secure cookies 2013-09-12
saghar estehghari (s estehghari gmail com)
Hi,

In the system that I'm working on, we are having some session cookies
on the client side that we need to protect against the replay attack!
So I find the following paper
http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf and I
really like the way that they put things together. Ther

OWASP Zed Attack Proxy 2.2.0 2013-09-11
psiinon (psiinon gmail com)
Hi folks,

ZAP 2.2.0 is now available from http://code.google.com/p/zaproxy/downloads/list

This includes support for scripts embedded in ZAP components like the
active and passive scanners as well as support for Zest - a new
security focused scripting language from the Mozilla security team.
It als

CBC Byte Flipping Attack 101 Approach 2013-09-10
Danux (danuxx gmail com)
Nothing new, just a 101 approach of this attack:

http://danuxx.blogspot.com/2013/09/cbc-byte-flipping-attack-101-approach.html

--
DanUx

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck

Administrivia: Limited list admin for a little while 2013-09-05
Andrew van der Stock (vanderaj greebo net)
Hi there,

I will be off the grid for the next 10 days. Therefore, there will be
limited (i.e. none! nada! zip! zero!) posts approved until I get back.
This will be the first time in 24 years that I've been away from the
Internet for this long.

Wish me luck!

thanks,
Andrew

SpiderFoot 2.0.4 released 2013-09-01
Steve Micallef (steve binarypool com)
Hi everyone,

I'm pleased to announce the release of SpiderFoot 2.0.4. SpiderFoot is a
free, multi-platform open-source footprinting and intelligence gathering
tool.

Since 2.0.0 was released in May, there have been a number of subsequent
releases not announced to these lists, so if you are upgra

Checkout Passive Web Application Firewall (WAF) Testing Framework (like mod_security , naxsi etc) 2013-08-27
Bhaumik Merchant (wof bhaumik merchant gmail com)
Hello All,

Created one framework for Passively evaluating Web Application
Firewalls without touching existing infrastructure and Web Application
Firewall vendor independent. Sniffing (Passive mode) support for each
and every Web Application Firewall like mod_security. Code coming soon!
Checkout Ha

Re: Forgotten Password 2013-08-21
saghar estehghari (s estehghari gmail com) (1 replies)
Hi list,

Thanks for all the replies :)

@Clemens: The system is semi-trusted. This implies that we can't
access the user's data while he is offline (the data is encrypted at
rest). This is because the client is considered as the weakest link and
it is complicated for him to handle the keys secure

Re: Forgotten Password 2013-08-21
Amol Arakh (amolarakh yahoo co in)
Samsung DVR authentication bypass 2013-08-20
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Title: Samsung DVR authentication bypass
Version affected: firmware version <= 1.10
Vendor: Samsung - www.samsung-security.com
Discovered by: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com
Web: http://www.andreafabrizi.it
Twitter: @andre

Forgotten Password 2013-08-20
saghar estehghari (s estehghari gmail com)
Hi,

In the system that I'm currently working on, the users authenticate
themselves using username and password. As this is kind of a secure
file sharing system, each user has a key that is derived from his
password and all of his data and files are encrypted using this key.

Since the password is no

Awareness, Techniques, Careers 2013-08-13
Tom Brennan - OWASP (tomb owasp org)
Pardon the interruption;

OWASP Foundation presents,

AppSecUSA 2013

Http://www.appsecusa.org

Nov 18th - 21st, Times Square, NYC

Now back to your fuzzin

Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-08-12
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
* Source code disclosure (source_

oauth token authentication 2013-08-12
saghar estehghari (s estehghari gmail com)
Hi,

On a cloud project that I'm currently working on, we authenticate the
clients by password and get access to their keys using their password
(using a PBKDF2 function).

However, we want to provide the user with another option which is
authenticating with an oath token. So the problem that I'm facin

RE: Secret Sharing 2013-08-03
JAntonakos excelsior edu

Symmetric encryption uses a single key. Asymmetric encryption uses public
and private keys.

You encrypt with the public key and decrypt with the private key.

Best,
JLA

Sent with Good (www.good.com)

-------- Original Message --------

From : listbounce (at) securityfocus (dot) com
To : saghar es

Reply: End-to-End Email Encryption Solution 2013-08-03
Orfeo Chen (noir meta-4 me)
PGP Desktop fits quite well into the situation. It's commercial but the email encryption and decryption feature is absolutely free. Also, GPG if you want, it's open source.

Mohamed Farid <m.farid.shawara (at) gmail (dot) com>:

Dear All :

I am searching for a good End-to-End Email Security Solution ( Ope

End-to-End Email Encryption Solution 2013-08-02
Mohamed Farid (m farid shawara gmail com) (5 replies)
Dear All :

I am searching for a good End-to-End Email Security Solution (Open
Source or Commercial) - Any advice?
And previous experience?

Thank you ,,,

Re: End-to-End Email Encryption Solution 2013-08-03
Adrian Puente (puenteadrian gmail com)
Re: End-to-End Email Encryption Solution 2013-08-03
Paulo Cesar Breim (PCB) (paulo breim com br) (1 replies)
Re: End-to-End Email Encryption Solution 2013-08-04
Manolis Mavrofidis (mmavrofides gmail com)
Re: End-to-End Email Encryption Solution 2013-08-03
Izhar Ahmed Mujaddidi (izhara hotmail com) (1 replies)
Re: End-to-End Email Encryption Solution 2013-08-05
Brian Fritts (bfritts wcmc org)
Re: End-to-End Email Encryption Solution 2013-08-03
Tracy Reed (treed ultraviolet org)
Re: End-to-End Email Encryption Solution 2013-08-03
Mufti, Mueen (Mueen Mufti bestway co uk)
Copyright 2010, SecurityFocus