Web Application Security
Re: [WEB SECURITY] RE: How to stop hackers at the root cause 2010-04-13
Carl Vincent (carl vincent hypermediasystems com)
social acceptance is a horrible way to enforce change anyway.

Japanese internment camps, the Holocaust, the civil rights wars of the
American 40's, 50's, and 60's, the American "red scare", the "gay
bashing" that goes on to this day. All examples of large groups of
people often doing things they d

Chain based SQL injection 2010-04-08
Владимир Воронцов (vladimir vorontsov onsec ru)
Hello Bugtraq!
Hello Full-Disclosure!

A study of web application security stumbled on the possibility of an
attack that introduces SQL injection in an unusual way.

All user data that goes into the database with a query like INSERT is filtered
using mysql_real_escape_string().

However, u

[HITB-Announce] FINAL CALL - CFP for HITBSecConf2010 Amsterdam 2010-04-08
Hafez Kamal (aphesz hackinthebox org)
This is the FINAL CALL to submit your talk / presentation proposals for
the inaugural HITB Security Conference in Europe! Submissions are due
by 19TH APRIL 2010.

HITBSecConf2010 - Amsterdam takes place at the Grand Krasnapolsky from
the 29th of June till the 2nd of July (Tuesday - Friday) with keyn

[tool] x5s - test encodings and character transformations to find XSS hotspots 2010-04-08
Chris Weber (chris casabasecurity com)
Hello everyone,
Casaba is happy to make x5s available for download - a specialized Web-app testing Fiddler addon aimed at helping security testers find XSS hotspots. Its main goal is to help you identify those hotspots by:

- Detecting where safe encodings were not applied to emitted user-inputs

Pentest of BPM Product 2010-04-08
Anant Iyer (iyer anant r gmail com)
Hello,

Does anybody have experience in carrying out an application pentest of
any BPM products like Pega? If so, then can anybody please let me know
what are the basic points to keep in mind while carrying out pentest
of such products?

On an additional note, are there any legal issues in carrying

Burp Proxy 1.3-Proxy Help 2010-04-08
learn lids (learnlids yahoo com) (1 replies)
hi all, i am using burp proxy 1.3 to look at a website through a http proxy - http://something.com . the website redirects to https, and then burp gives the message "Burp proxy error: Unrecognized SSL message, plaintext connection? "

this seems to be a common java error, and the burp suite documen

RE: Burp Proxy 1.3-Proxy Help 2010-04-08
PortSwigger (mail portswigger net)
Why NoSQL is bad for startups 2010-04-01
kowsik (kowsik gmail com) (1 replies)
Blog on labs.mudynamics.com: http://bit.ly/aHFiFc

Enjoy,

K.
---
http://www.pcapr.net
http://twitter.com/pcapr

Re: Why NoSQL is bad for startups 2010-04-05
Chris Travers (chris metatrontech com)
winAUTOPWN 2.2 - Introducing BSDAUTOPWN 2010-03-31
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 2.2
This version covers remote exploits up till March 2010.
A complete list of all Exploits in winAUTOPWN is available in CHANGELOG.TXT

Also, this version is :
Introducing BSDAUTOPWN 1.0. This is the BSD equivalent for winAUTOPWN. In this

Essentials for understanding and preventing sql injection 2010-03-27
a bv (vbavbalist gmail com) (2 replies)
Hi,

For a nod n web/database/programming person what are the essentials
for understanding and preventing sql injection (for both encrypted and
non-encrypted traffic) ? Can you also recommend

online/offline resources for these?

Regards

Re: Essentials for understanding and preventing sql injection 2010-04-01
Kraig Babin (kmbabin gmail com)
Re: Essentials for understanding and preventing sql injection 2010-03-30
Himanshu Goyal (idhimanshu gmail com)
Hackito Ergo Sum Conference (Paris 8-10 April 2010) : Schedule 2010-03-24
Jonathan Brossard (endrazine gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ We apologize in case you get double postage. Please Spread ;) ]

We are pleased to announce the schedule of the first Hackito Ergo Sum
Conference, to be held in Paris, France, from April 8th to 10th.

- --[ Conference details

* Location:
Mains d'oeuv

[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released! *Correction* 2010-03-24
Hafez Kamal (aphesz hackinthebox org)
Justin Lundy (Founder & CEO, Subterrain) was replaced by Fyodor Yarochkin & The Grugq. Sorry about that Fyodor! :D

---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur,
Malaysia

Tel: +603-20394724
Fax: +603-2031835

Safari browser port blocking bypassed by integer overflow 2010-03-23
Gary Niger (goatsec gmail com)

g . o . a . t . s . e s . e . c . u . r . i . t . y
g . a . p . i . n . g h . o . l . e . s e . x . p . o . s . e . d
http://security.goatse.fr/
(323) 306-4576

attention: due to technical limitation

[HITB-Announce] HITBSecConf2009 - Malaysia Videos Released! 2010-03-23
Hafez Kamal (aphesz hackinthebox org)
The videos from the 7th annual Hack in The Box security conference held
in Malaysia last year have been released! On a related note, do keep in
mind that online registration for HITBSecConf2010 - Dubai closes in less
than 4 weeks and the Call for Papers for HITBSecConf2010 - Amsterdam is
still open

Fwd: Google Launches Free Web Application Scanning Tool (Skipfish) 2010-03-22
Isaias Calderon (isaias calderon gmail com)
Apologies for the Cross-posting..

http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224000380

skipfish - web application security scanner

Written and maintained by Michal Zalewski <lcamtuf (at) google (dot) com>.
Copyright 2009, 2010 Google Inc, rights res

Free On-Demand Security Scanning Service 2010-03-18
Maty Siman (maty checkmarx com)
Hi All,

Checkmarx has recently launched an on demand security scanning service.
We would like to extend an offer to all WebAppSec members for a free trial.
The scans support all common languages included in the Java and .Net
families.

In addition members will enjoy some benefits like:
? Support  f

[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released 2010-03-14
Hafez Kamal (aphesz hackinthebox org)
Conference agenda for HITBSecConf2010 - Dubai has been announced!

Welcoming Address by H.E Mohammed Nasser Al-Ghanim (Director General, UAE Telecom Regulatory Authority - TRA) -- TBC

Keynote 1: John Viega (CTO, SaaS, McAfee Inc.) -- A/V Vendors Aren't As Dumb As They Look
Keynote 2: Matt Watchinsk

Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities 2010-03-08
Steve Pinkham (steve pinkham gmail com) (1 replies)
Rogan Dawes wrote:
> Unfortunately, your first requirement seems to suggest against your
> suggestion. :-)
>
> As an open source app, the student would be able to see the change logs,
> and any security announcements for the app, and would be able to make
> use of those to identify known vulne

RE: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities 2010-03-08
Calderon, Juan Carlos (GE, Corporate, consultant) (juan calderon ge com)
Need a real Java web application with vulnerabilities 2010-03-08
Holger Peine (Holger Peine fh-hannover de) (7 replies)
Hello,

I have a student who wants to perform a mostly manual security review
of some Java web application as his master's thesis work. I am well
aware of pedagogical, deliberately insecure applications like Webgoat
and many others. However, we need a real application for this:

- Real code, since t

Re: Need a real Java web application with vulnerabilities 2010-03-08
Morgan Reed (morgan s reed gmail com)
Security BSides Austin - sponsors needed! 2010-03-08
Benjamin Tomhave (list-spam secureconsulting net)
Re: Need a real Java web application with vulnerabilities 2010-03-08
Marc-André Laverdière (marc-andre atc tcs com)
Re: Need a real Java web application with vulnerabilities 2010-03-08
Federico Maggi (federico maggi gmail com)
Re: Need a real Java web application with vulnerabilities 2010-03-08
Kvetch (kvetch gmail com)
Re: Need a real Java web application with vulnerabilities 2010-03-08
Wagner Elias (wagner elias gmail com)
Copyright 2010, SecurityFocus