Web Application Security Mode:
(Page 11 of 331)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >
Re: Should or shouldn't block public ping to a website 2011-09-09
Sandeep Cheema (51l3n7 live in)
Why are you not allowing ICMP? Is the server itself exposed or behind a netscaler or some routing device? Even if it's not covered behind, you can allow ping. The only exploit with ping is the ping of death, which is obsolete now. Use a software IDS\IPS?

Regards, Sandeep

Sent from BlackBerry® on A

[ more ]  [ reply ]
Should or shouldn't block public ping to a website 2011-09-05
ShiYih Lye (shiyih lye my offgamers com)

All this while I'm not allowing any public ping to the website I'm
maintaining, but it's making me tougher to troubleshoot should any
user from the globe having trouble to access our website, as I can't
make them to send a proper traceroute report.

To your opinion, is it necessary to block pub

[ more ]  [ reply ]
Insomnia: Whitepaper - LFI With PHPInfo Assistance 2011-09-06
Brett Moore (brett moore insomniasec com)

Insomnia Security :: LFI With PHPInfo Assistance

Name: LFI With PHPInfo Assistance
Released: 06 September 2011
Author: Brett Moore, Insomnia Security
Original Lin

[ more ]  [ reply ]
Re: Should or shouldn't block public ping to a website 2011-09-07
ShiYih Lye (shiyih lye my offgamers com) (1 replies)

What Todd said is pretty true, and that is what playing in my mind,
"what does blocking ICMP ping from public will buy me ?"

I have some other suggest me to use TCP traceroute to solve the issue
of not being able to get the traceroute result from my user during
troubleshooting. But the problem

[ more ]  [ reply ]
Re: Should or shouldn't block public ping to a website 2011-09-09
Andre Correa (andre correa pobox com)
t2â?²11 Challenge to be released 2011-09-10 10:00 EEST 2011-09-04
Tomi Tuominen (tomi tuominen t2 fi)
Hash: SHA1

It is that time of the year again!

Since the dawn of our species (well 2005, if you want to be picky about
it) t2 has been granting free admission to the elite of their kind, the
winners of the t2 Challenges. Donâ??t be suckered in by all the cheap

[ more ]  [ reply ]
Pen Test Interview Day in London Information 2011-08-30
Camille Johnston (camille johnston ascentsourcing com)
Hi all,

I hope everyone had a lovely bank holiday weekend.

I was advised by a pen test friend of mine to use this to find out if any pen testers- especially ones with strong web application skills- are looking for opportunities?

One pen test company I represent is having an interview day i

[ more ]  [ reply ]
NYU Poly CSAW CTF 2011-08-26
CSAW CTF (csaw_ctf isis poly edu)
NYU Poly, the ISIS lab, our CTF team and friends are proud to announce
the 2011 CSAW Application Security Capture The Flag Competition!

The CSAW CTF is an attack-only CTF competition where competitors break
into applications and systems for points.

For more information and rules see:  https://csa

[ more ]  [ reply ]
Ruxcon 2011 Final Call For Papers 2011-08-15
cfp ruxcon org au
Ruxcon 2011 Final Call For Papers

The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for sub

[ more ]  [ reply ]
[RAID 2011] Call for Participation 2011-08-12
Guofei Gu (smartgophy gmail com)
Apologies for multiple copies of this announcement.

14th International Symposium on Recent Advances in Intrusion Detection

September 20-21, 2011
SRI International, Menlo Park, CA

Call for Participation


[ more ]  [ reply ]
RE: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool 2011-08-09
Context IS - Disclosure (disclosure contextis co uk)
Under native Windows, CAT will only use IE to render the HTML. I can see your point as to why you might not want to use IE and I will look into adding in a Gecko rendering option for the next version.

Under Mono it uses the Mono provided WebBrowser control, which rendering engine is used depends

[ more ]  [ reply ]
CAT Version 1 Released - Web App Testing Tool 2011-08-04
Context IS - Disclosure (disclosure contextis co uk)
Context App Tool (CAT) Version 1 has been released.

CAT is a tool for manual web application penetration testing and includes the following features:
- Request Repeater ? Used for repeating a single request
- Proxy ? Classic Inline proxy
- Fuzz

[ more ]  [ reply ]
Agnitio Security Code Review Tool v2.0 released 2011-08-04
David Rook (david a rook gmail com)

I've released an update to Agnitio which I hope will help people
carryout security focused code reviews and find vulnerabilities in the
source code they are reviewing.

The major changes in v2.0 are listed below:

1) Basic code analysis module with rules for analysing Android and iOS

[ more ]  [ reply ]
jQuery is a Sink 2011-07-28
Stefano Di Paola (stefano dipaola wisec it)
maybe the client side security people may be interested :


Stefano Di Paola
Software & Security Engineer

Owasp Italy R&D Director

Web: www.wisec.it
Twitter: http://twitter.com/WisecWisec

[ more ]  [ reply ]
winAUTOPWN v2.7 - Released with a detailed 'HowTo' Document 2011-07-20
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 2.7
This version covers almost all remote exploits up-till mid-July 2011 and a few older ones as well.

This version incorporates a few new commandline parameters: -perlrevshURL (for a PERL Reverse Shell URL), -
mailFROM (smtpsender) an

[ more ]  [ reply ]
Re: securing a deliberately vulnerable web app 2011-07-12
bournenapste (at) gmail (dot) com [email concealed] (bournenapste gmail com)
This is a article i would like everyone of us who are interested in
detecting the latest threats and Honeypots related stuff should read
this ===>

The Honeypot Incident ? How strong is your UF (Reversing FU)

[ more ]  [ reply ]
Analyzing the Biggest Bank Robbery in History 2011-07-12
Pete Herzog (lists isecom org)

"I was at a cafe in Bern, Switzerland last year to meet with two other
ISECOMers: Nick Mayencourt, a Board Director and Philipp Egli an
ISECOM trainer and the talk turned to robbing banks. That's not
uncommon because Switzerland is very big on banking and also very big
on security, especial

[ more ]  [ reply ]
[HITB-Announce] REMINDER: HITB2011 - Malaysia Call for Papers Closes on the 15th 2011-07-11
Hafez Kamal (aphesz hackinthebox org)
This is a reminder that the Call for Papers for the 9th annual
HITBSecConf in Malaysia is closing this Friday, 15th of July. The event
takes place from the 10th - 13th of October at the Intercontinental
Kuala Lumpur.

As always, talks that are more technical or that discuss new and never
before seen

[ more ]  [ reply ]
Fwd: securing a deliberately vulnerable web app 2011-07-08
bournenapste (at) gmail (dot) com [email concealed] (bournenapste gmail com)
---------- Forwarded message ----------
From: bournenapste (at) gmail (dot) com [email concealed] <bournenapste (at) gmail (dot) com [email concealed]>
Date: Fri, Jul 8, 2011 at 9:52 AM
Subject: Re: securing a deliberately vulnerable web app
To: Robin Wood <robin (at) digininja (dot) org [email concealed]>

I will suggest use Xen -Hypervisor instead of Vmware because it
provides a be

[ more ]  [ reply ]
RE: DOS Web App 2011-07-08
Karl Lockhart (karlockhart pureliquidawesome com)
Not sure if it serves your purpose but Selenium (seleniumhq.org) seems promising.

Rajesh Gopisetty <rgopise (at) microsoft (dot) com [email concealed]> wrote:

>You should be able to use any of the load testing tools to accomplish this task.
>Win-runner, Visual Studio Test Suite etc..
>-----Original Message-----
>From: lis

[ more ]  [ reply ]
Ivan Markovic (ivanm security-net biz)
Hello everyone, we have new research paper:

HTTP PARAMETER CONTAMINATION (HPC) original idea comes from the innovative
approach found in HPP research by exploring deeper and exploiting strange
behaviors in Web Server components, Web Applications and Browsers as a
result of query string parameter c

[ more ]  [ reply ]
Re: securing a deliberately vulnerable web app 2011-07-05
Robin Wood (robin digininja org)
On 5 July 2011 22:32, Charlie Belmer <charlie.belmer (at) gmail (dot) com [email concealed]> wrote:
> Hi Robin,
> A couple of suggestions:
> Definitely VM it and roll it back frequently. You might want a list of
> warnings to watch for, like someone trying to install root kits or run
> certain shell commands, at which point

[ more ]  [ reply ]
Re: securing a deliberately vulnerable web app 2011-07-05
Robin Wood (robin digininja org)
On 5 July 2011 16:56, arvind doraiswamy <arvind.doraiswamy (at) gmail (dot) com [email concealed]> wrote:
> On Mon, Jul 4, 2011 at 4:21 AM, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:
>> This is a question for anyone who runs a deliberately vulnerable web
>> app on a public facing site to allow people to test hacking it or t

[ more ]  [ reply ]
(Page 11 of 331)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >


Privacy Statement
Copyright 2010, SecurityFocus