Re: To validate or not to validate: Client side validation
2010-04-20 Robinson Delaugerre (rdelaugerre sdninternational com)

To validate or not to validate: Client side validation
2010-04-19 pand0ra (pand0ra usa gmail com) (1 reply)
Question: You are doing code review and come across a javascript application that does not do input validation. Would you have the developer go back and write in input validation? If so, why? If not, why?

RE: To validate or not to validate: Client side validation
2010-04-20 Paul Melson (pmelson gmail com)

[Tool] ReFrameworker 1.1
2010-04-19 Erez Metula (erezmetula appsec co il)
Hi all, I'm happy to announce a new version of ReFrameworker V1.1! ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs t

Password audit in 2008 DC
2010-04-15 Adrian Rodriguez (adrian rodriguez digiware net) (1 reply)
Hello, I have a client that requires a password audit to its DC that is on a win 2008 server system. Due to the criticality of the service, the client does not allow the execution of a non proven tool to do the task. I'm trying to do a simple SAM dump on this system but I need to know for sure it'll

xprobe2-ng patch
2010-04-14 Daniel García (dani madesyp com)
Hi all, All the well-known xprobe2 quite useful to have a second (or third) view of identifying the remote systems in a security audit process. The problem of this tool is the latest version of the author, Fyodor, dates from 2005. The last year, 2009, the project was resumed and updat

Re: Evaluating Pen Testers
2010-04-13 Daniel Kennedy (danielkennedy74 gmail com) (1 reply)
I don't normally like to engage in back and forth over a mailing list, but there is a tone of unwarranted dismissiveness combined with points that I think are incorrect or incomplete, and in reading your usual comments I know you're better than that so I'm going to address it (see below). Forgive

Re: Evaluating Pen Testers
2010-04-15 Andre Gironda (andreg gmail com) (1 reply)

Re: Evaluating Pen Testers
2010-04-15 Daniel Kennedy (danielkennedy74 gmail com) (1 reply)

RE: Pentest of BPM Product
2010-04-08 Paul Melson (pmelson gmail com)
> Does anybody have experience in carrying out an application pentest of any BPM
> products like Pega? If so, then can anybody please let me know what are the basic
> points to keep in mind while carrying out pentest of such products?
The truly significant difference in testing a BPM app is the r

Evaluating Pen Testers
2010-04-09 Daniel Kennedy (danielkennedy74 gmail com) (2 replies)
There ought to be a "who's who" of penetration testers, especially with some of what I read about and hear at conferences when it comes to penetration testing, for many years now, and it's not getting any better. That said, it wouldn't be easy to put together. A firm in the UK was testing pen testers

HITBSecConf DUBAI 2010: Learn more about web attacks and stealth hacking
2010-04-12 Laurent OUDOT at TEHTRI-Security (laurent oudot tehtri-security com)
Hi Folks, If you are interested by web attacks and stealth hacking, come and join us at HITBSecConf Dubai [ http://conference.hackinthebox.org/hitbsecconf2010dxb/?page_id=680 ]. Next 21st April, TEHTRI-Security will talk about web security, during this presentation: "Silent Steps: Improving the St

[tool] x5s - test encodings and character transformations to find XSS hotspots
2010-04-08 Chris Weber (chris casabasecurity com)
Hello everyone, Casaba is happy to make x5s available for download - a specialized Web-app testing Fiddler addon aimed at helping security testers find XSS hotspots. Its main goal is to help you identify those hotspots by: - Detecting where safe encodings were not applied to emitted user-inputs

[HITB-Announce] FINAL CALL - CFP for HITBSecConf2010 Amsterdam
2010-04-08 Hafez Kamal (aphesz hackinthebox org)
This is the FINAL CALL to submit your talk / presentation proposals for the inaugural HITB Security Conference in Europe! Submissions are due by 19TH APRIL 2010. HITBSecConf2010 - Amsterdam takes place at the Grand Krasnapolsky from the 29th of June till the 2nd of July (Tuesday - Friday) with keyn

Pentest of BPM Product
2010-04-08 Anant Iyer (iyer anant r gmail com)
Hello, Does anybody have experience in carrying out an application pentest of any BPM products like Pega? If so, then can anybody please let me know what are the basic points to keep in mind while carrying out pentest of such products? On an additional note, are there any legal issues in carrying

Burp Proxy Question
2010-04-06 learn lids (learnlids yahoo com) (3 replies)
hi all, i am using burp proxy 1.3 to look at a website through a http proxy - http://something.com . the website redirects to https, and then burp gives the message "Burp proxy error: Unrecognized SSL message, plaintext connection? " this seems to be a common java error, and the burp suite documen