Web Application Security
(Page 3 of 331)
Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-09-14
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use less resources by grouping patterns to only
be matched against the per-platform pay

secure cookies 2013-09-12
saghar estehghari (s estehghari gmail com)
Hi,

In the system that I'm working on, we are having some session cookies
on the client side that we need to protect against the replay attack!
So I find the following paper
http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf and I
really like the way that they put things together. Ther

OWASP Zed Attack Proxy 2.2.0 2013-09-11
psiinon (psiinon gmail com)
Hi folks,

ZAP 2.2.0 is now available from http://code.google.com/p/zaproxy/downloads/list

This includes support for scripts embedded in ZAP components like the
active and passive scanners as well as support for Zest - a new
security focused scripting language from the Mozilla security team.
It als

CBC Byte Flipping Attack 101 Approach 2013-09-10
Danux (danuxx gmail com)
Nothing new, just a 101 approach of this attack:

http://danuxx.blogspot.com/2013/09/cbc-byte-flipping-attack-101-approach.html

--
DanUx

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck

Administrivia: Limited list admin for a little while 2013-09-05
Andrew van der Stock (vanderaj greebo net)
Hi there,

I will be off the grid for the next 10 days. Therefore, there will be
limited (i.e. none! nada! zip! zero!) posts approved until I get back.
This will be the first time in 24 years that I've been away from the
Internet for this long.

Wish me luck!

thanks,
Andrew

SpiderFoot 2.0.4 released 2013-09-01
Steve Micallef (steve binarypool com)
Hi everyone,

I'm pleased to announce the release of SpiderFoot 2.0.4. SpiderFoot is a
free, multi-platform open-source footprinting and intelligence gathering
tool.

Since 2.0.0 was released in May, there have been a number of subsequent
releases not announced to these lists, so if you are upgra

Check out Passive Web Application Firewall (WAF) Testing Framework (like mod_security, naxsi etc) 2013-08-27
Bhaumik Merchant (wof bhaumik merchant gmail com)
Hello All,

Created one framework for Passively evaluating Web Application
Firewalls without touching existing infrastructure and Web Application
Firewall vendor independent. Sniffing (Passive mode) support for each and
every Web Application Firewall like mod_security. Code coming soon! Checkout Ha

Re: Forgotten Password 2013-08-21
saghar estehghari (s estehghari gmail com) (1 replies)
Hi list,

Thanks for all the replies :)

@Clemens: The system is semi-trusted. This implies that we can't
access the user's data while he is offline (the data is encrypted at
rest). This is because the client is considered the weakest link and
it is complicated for him to handle the keys secure

Re: Forgotten Password 2013-08-21
Amol Arakh (amolarakh yahoo co in)
Samsung DVR authentication bypass 2013-08-20
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Title: Samsung DVR authentication bypass
Version affected: firmware version <= 1.10
Vendor: Samsung - www.samsung-security.com
Discovered by: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com
Web: http://www.andreafabrizi.it
Twitter: @andre

Forgotten Password 2013-08-20
saghar estehghari (s estehghari gmail com)
Hi,

In the system that I'm currently working on, the users authenticate
themselves using username and password. As this is kind of a secure
file sharing system, each user has a key that is derived from his
password and all of his data and files are encrypted using this key.

Since the password is no

Awareness, Techniques, Careers 2013-08-13
Tom Brennan - OWASP (tomb owasp org)
Pardon the interruption;

OWASP Foundation presents,

AppSecUSA 2013

http://www.appsecusa.org

Nov 18th - 21st, Times Square, NYC

Now back to your fuzzin

Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-08-12
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
* Source code disclosure (source_

oauth token authentication 2013-08-12
saghar estehghari (s estehghari gmail com)
Hi,

On a cloud project that I'm currently working on, we authenticate the
clients by password and get access to their keys using their password
(using a PBKDF2 function).

However, we want to provide the user with another option which is
authenticating with an oath token. So the problem that I'm facin

RE: Secret Sharing 2013-08-03
JAntonakos excelsior edu

Symmetric encryption uses a single key. Asymmetric encryption uses public
and private keys.

You encrypt with the public key and decrypt with the private key.

Best,
JLA

Sent with Good (www.good.com)

-------- Original Message --------

From : listbounce (at) securityfocus (dot) com
To : saghar es

Reply: End-to-End Email Encryption Solution 2013-08-03
Orfeo Chen (noir meta-4 me)
PGP Desktop fits quite well into the situation. It's commercial but the email encryption and decryption feature is absolutely free. Also, GPG if you want, it's open source.

Mohamed Farid <m.farid.shawara (at) gmail (dot) com>:

Dear All :

I am searching for a good End-to-End Email Security Solution ( Ope

End-to-End Email Encryption Solution 2013-08-02
Mohamed Farid (m farid shawara gmail com) (5 replies)
Dear All :

I am searching for a good End-to-End Email Security Solution (Open
Source or Commercial) - Any advice?
And previous experience?

Thank you ,,,

Re: End-to-End Email Encryption Solution 2013-08-03
Adrian Puente (puenteadrian gmail com)
Re: End-to-End Email Encryption Solution 2013-08-03
Paulo Cesar Breim (PCB) (paulo breim com br) (1 replies)
Re: End-to-End Email Encryption Solution 2013-08-04
Manolis Mavrofidis (mmavrofides gmail com)
Re: End-to-End Email Encryption Solution 2013-08-03
Izhar Ahmed Mujaddidi (izhara hotmail com) (1 replies)
Re: End-to-End Email Encryption Solution 2013-08-05
Brian Fritts (bfritts wcmc org)
Re: End-to-End Email Encryption Solution 2013-08-03
Tracy Reed (treed ultraviolet org)
Re: End-to-End Email Encryption Solution 2013-08-03
Mufti, Mueen (Mueen Mufti bestway co uk)
OWASP Xenotix XSS Exploit Framework v4 Released 2013-08-01
Ajin Abraham (ajin25 gmail com)
Hi all,

I just released version 4 of OWASP Xenotix XSS Exploit Framework.

Have a look at:
https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site
Scripting (XSS) vulnerability detection and exploitation framework. It
provid

Secret Sharing 2013-08-01
saghar estehghari (s estehghari gmail com) (2 replies)
Hi,

I'm working on a project which involves security of the cloud data.

The scenario is as follows:

Users A and B have registered to a cloud service (cloud assumed to be
semi-trusted). A and B both have secret keys (KA and KB) (for
symmetric encryption) and public keys (PKA and PKB) on the cloud

Re: Secret Sharing 2013-08-03
Siim Põder (siim p6drad-teel net)
Re: Secret Sharing 2013-08-01
Jamie Riden (jamie riden gmail com) (1 replies)
Re: Secret Sharing 2013-08-03
Nir Izraeli (nirizr gmail com)
Ruxcon 2013 Final Call For Papers 2013-07-15
cfp ruxcon org au
Ruxcon 2013 Final Call For Papers
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the final call for papers for Ruxcon.

This year the conference will take place over the weekend of the 26th and 27th
of Oc

Copyright 2010, SecurityFocus