Web Application Security
CBC Byte Flipping Attack 101 Approach 2013-09-10
Danux (danuxx gmail com)
Nothing new, just a 101 approach of this attack:

http://danuxx.blogspot.com/2013/09/cbc-byte-flipping-attack-101-approach.html

--
DanUx

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck

Administrivia: Limited list admin for a little while 2013-09-05
Andrew van der Stock (vanderaj greebo net)
Hi there,

I will be off the grid for the next 10 days. Therefore, there will be
limited (i.e. none! nada! zip! zero!) posts approved until I get back.
This will be the first time in 24 years that I've been away from the
Internet for this long.

Wish me luck!

thanks,
Andrew

SpiderFoot 2.0.4 released 2013-09-01
Steve Micallef (steve binarypool com)
Hi everyone,

I'm pleased to announce the release of SpiderFoot 2.0.4. SpiderFoot is a
free, multi-platform open-source footprinting and intelligence gathering
tool.

Since 2.0.0 was released in May, there have been a number of subsequent
releases not announced to these lists, so if you are upgra

Checkout Passive Web Application Firewall (WAF) Testing Framework (like mod_security , naxsi etc) 2013-08-27
Bhaumik Merchant (wof bhaumik merchant gmail com)
Hello All,

Created one framework for Passively evaluating Web Application
Firewalls without touching existing infrastructure and Web Application
Firewall vendor independent. Sniffing (Passive mode) support for each
and every Web Application Firewall like mod_security. Code coming
soon! Checkout Ha

Re: Forgotten Password 2013-08-21
saghar estehghari (s estehghari gmail com) (1 replies)
Hi list,

Thanks for all the replies :)

@Clemens: The system is semi-trusted. This implies that we can't
access the user's data while he is offline (the data is encrypted at
rest). This is because the client is considered as the weakest link and
it is complicated for him to handle the keys secure

Re: Forgotten Password 2013-08-21
Amol Arakh (amolarakh yahoo co in)
Samsung DVR authentication bypass 2013-08-20
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Title: Samsung DVR authentication bypass
Version affected: firmware version <= 1.10
Vendor: Samsung - www.samsung-security.com
Discovered by: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com
Web: http://www.andreafabrizi.it
Twitter: @andre

Forgotten Password 2013-08-20
saghar estehghari (s estehghari gmail com)
Hi,

In the system that I'm currently working on, the users authenticate
themselves using username and password. As this is kind of a secure
file sharing system, each user has a key that is derived from his
password and all of his data and files are encrypted using this key.

Since the password is no

Awareness, Techniques, Careers 2013-08-13
Tom Brennan - OWASP (tomb owasp org)
Pardon the interruption;

OWASP Foundation presents,

AppSecUSA 2013

http://www.appsecusa.org

Nov 18th - 21st, Times Square, NYC

Now back to your fuzzin

Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-08-12
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
* Source code disclosure (source_

oauth token authentication 2013-08-12
saghar estehghari (s estehghari gmail com)
Hi,

On a cloud project that I'm currently working on, we authenticate the
clients by password and get access to their keys using their password
(using a PBKDF2 function).

However, we want to provide the user with another option which is
authenticating with an oath token. So the problem that I'm facin

RE: Secret Sharing 2013-08-03
JAntonakos excelsior edu

Symmetric encryption uses a single key. Asymmetric encryption uses public
and private keys.

You encrypt with the public key and decrypt with the private key.

Best,
JLA

Sent with Good (www.good.com)

-------- Original Message --------

From : listbounce (at) securityfocus (dot) com
To : saghar es

Reply: End-to-End Email Encryption Solution 2013-08-03
Orfeo Chen (noir meta-4 me)
PGP Desktop fits quite well into the situation. It's commercial but the email encryption and decryption feature is absolutely free. Also, GPG if you want, it's open source.

Mohamed Farid <m.farid.shawara (at) gmail (dot) com>:

Dear All :

I am searching for a good End-to-End Email Security Solution ( Ope

End-to-End Email Encryption Solution 2013-08-02
Mohamed Farid (m farid shawara gmail com) (5 replies)
Dear All :

I am searching for a good End-to-End Email Security Solution (Open
Source or Commercial) - Any advice?
And previous experience?

Thank you ,,,

Re: End-to-End Email Encryption Solution 2013-08-03
Adrian Puente (puenteadrian gmail com)
Re: End-to-End Email Encryption Solution 2013-08-03
Paulo Cesar Breim (PCB) (paulo breim com br) (1 replies)
Re: End-to-End Email Encryption Solution 2013-08-04
Manolis Mavrofidis (mmavrofides gmail com)
Re: End-to-End Email Encryption Solution 2013-08-03
Izhar Ahmed Mujaddidi (izhara hotmail com) (1 replies)
Re: End-to-End Email Encryption Solution 2013-08-05
Brian Fritts (bfritts wcmc org)
Re: End-to-End Email Encryption Solution 2013-08-03
Tracy Reed (treed ultraviolet org)
Re: End-to-End Email Encryption Solution 2013-08-03
Mufti, Mueen (Mueen Mufti bestway co uk)
OWASP Xenotix XSS Exploit Framework v4 Released 2013-08-01
Ajin Abraham (ajin25 gmail com)
Hi all,

I just released version 4 of OWASP Xenotix XSS Exploit Framework.

Have a look at:
https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site
Scripting (XSS) vulnerability detection and exploitation framework. It
provid

Secret Sharing 2013-08-01
saghar estehghari (s estehghari gmail com) (2 replies)
Hi,

I'm working on a project which involves security of the cloud data.

The scenario is as follows:

Users A and B have registered to a cloud service (cloud assumed to be
semi-trusted). A and B both have secret keys (KA and KB) (for
symmetric encryption) and public keys (PKA and PKB) on the cloud

Re: Secret Sharing 2013-08-03
Siim Põder (siim p6drad-teel net)
Re: Secret Sharing 2013-08-01
Jamie Riden (jamie riden gmail com) (1 replies)
Re: Secret Sharing 2013-08-03
Nir Izraeli (nirizr gmail com)
Ruxcon 2013 Final Call For Papers 2013-07-15
cfp ruxcon org au
Ruxcon 2013 Final Call For Papers
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the final call for papers for Ruxcon.

This year the conference will take place over the weekend of the 26th and 27th
of Oc

[CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce 2013-07-14
Craig Young (vuln-report secur3 us)
I am writing to inform you of multiple persistent XSS issues within
the ecommerce module
(https://code.google.com/p/silverstripe-ecommerce/) of SilverStripe
CMS. These issues have been fixed without a corresponding release
note or other indication of a security advisory. The author has been
unres

SEC Consult blog :: Content security policy - assumptions vs. reality 2013-07-11
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab published a new blog entry titled:
Content Security Policy (CSP) - Another example on application security and
"assumptions vs. reality"

Abstract:
---------
Software applications have been around for quite some time. Since the first
security vulnerabilities and corre

Ground Zero Summit - Call For Papers 2013-07-09
submit cfp (submitcfp g0s org)
Hi All,

Ground Zero Infosec Summit is an initiative of independent apex
not-for-profit body and is an outcome of an alliance between industry
and Government of India to tackle emerging cyber security threats
against critical information infrastructure. The summit is supported
by the Govt. of India.

Copyright 2010, SecurityFocus