Web Application Security
[CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root 2013-10-22
Craig Young (vuln-report secur3 us)
NETGEAR ReadyNAS with firmware 4.2.x before 4.2.24 and 4.1.x before
4.1.12 is prone to command injection from an unauthenticated HTTP GET
request. This vulnerability can lead to complete root access as
outlined on the Tripwire blog:
http://www.tripwire.com/state-of-security/vulnerability-management

Re: OWASP Vulnerable Web Applications Directory Project 2013-10-18
psiinon (psiinon gmail com)
And in converting my original email to text format the link got lost ;)

The project is here:
https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

Simon

On Fri, Oct 18, 2013 at 4:04 PM, psiinon <psiinon (at) gmail (dot) com [email concealed]> wrote:
> The OWASP Vulnerable Web Applications Direct

OWASP Vulnerable Web Applications Directory Project 2013-10-18
psiinon (psiinon gmail com)
The OWASP Vulnerable Web Applications Directory (VWAD) Project is a
comprehensive and well maintained registry of all known vulnerable web
applications currently available. These vulnerable web applications
can be used by web developers, security auditors and penetration
testers to put in practice t

OWASP Xenotix XSS Exploit Framework 4.5 is Released 2013-10-15
Ajin Abraham (ajin25 gmail com)
Hello,
OWASP Xenotix XSS Exploit Framework V4.5 is Released.

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site
Scripting (XSS) vulnerability detection and exploitation framework. It
provides Zero False Positive scan results with its unique Triple
Browser Engine (Trident, WebKit

ImmuniWeb® Self-Fuzzer 2013-10-02
ImmuniWeb® Self-Fuzzer (self-fuzzer htbridge com)
ImmuniWeb® Self-Fuzzer is a simple Firefox browser extension designed to
detect Cross-Site Scripting (XSS) and SQL Injection vulnerabilities in
web applications.

It demonstrates how rapidly and easily these two most common types of
web vulnerabilities can be found even by a person who is not fa

Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-09-14
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use less resources by grouping patterns to only
be matched against the per-platform pay

secure cookies 2013-09-12
saghar estehghari (s estehghari gmail com)
Hi,

In the system that I'm working on, we are having some session cookies
on the client side that we need to protect against the replay attack!
So I found the following paper
http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf and I
really like the way that they put things together. Ther

OWASP Zed Attack Proxy 2.2.0 2013-09-11
psiinon (psiinon gmail com)
Hi folks,

ZAP 2.2.0 is now available from http://code.google.com/p/zaproxy/downloads/list

This includes support for scripts embedded in ZAP components like the
active and passive scanners as well as support for Zest - a new
security focused scripting language from the Mozilla security team.
It als

CBC Byte Flipping Attack 101 Approach 2013-09-10
Danux (danuxx gmail com)
Nothing new, just a 101 approach of this attack:

http://danuxx.blogspot.com/2013/09/cbc-byte-flipping-attack-101-approach.html

--
DanUx

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck

Administrivia: Limited list admin for a little while 2013-09-05
Andrew van der Stock (vanderaj greebo net)
Hi there,

I will be off the grid for the next 10 days. Therefore, there will be
limited (i.e. none! nada! zip! zero!) posts approved until I get back.
This will be the first time in 24 years that I've been away from the
Internet for this long.

Wish me luck!

thanks,
Andrew

SpiderFoot 2.0.4 released 2013-09-01
Steve Micallef (steve binarypool com)
Hi everyone,

I'm pleased to announce the release of SpiderFoot 2.0.4. SpiderFoot is a
free, multi-platform open-source footprinting and intelligence gathering
tool.

Since 2.0.0 was released in May, there have been a number of subsequent
releases not announced to these lists, so if you are upgra

Checkout Passive Web Application Firewall (WAF) Testing Framework (like mod_security, naxsi, etc.) 2013-08-27
Bhaumik Merchant (wof bhaumik merchant gmail com)
Hello All,

Created one framework for passively evaluating Web Application
Firewalls without touching existing infrastructure, and it is Web
Application Firewall vendor independent. Sniffing (passive mode)
support for each and every Web Application Firewall like mod_security.
Code coming soon! Checkout Ha

Re: Forgotten Password 2013-08-21
saghar estehghari (s estehghari gmail com) (1 reply)
Hi list,

Thanks for the all the replies :)

@Clemens: The system is semi-trusted. This implies that we can't
access the user's data while he is offline (the data is encrypted at
rest). This is because the client is considered the weakest link and
it is complicated for him to handle the keys secure

Re: Forgotten Password 2013-08-21
Amol Arakh (amolarakh yahoo co in)
Samsung DVR authentication bypass 2013-08-20
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Title: Samsung DVR authentication bypass
Version affected: firmware version <= 1.10
Vendor: Samsung - www.samsung-security.com
Discovered by: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com [email concealed]
Web: http://www.andreafabrizi.it
Twitter: @andre

Forgotten Password 2013-08-20
saghar estehghari (s estehghari gmail com)
Hi,

In the system that I'm currently working on, the users authenticate
themselves using username and password. As this is kind of a secure
file sharing system, each user has a key that is derived from his
password and all of his data and files are encrypted using this key.

Since the password is no

Awareness, Techniques, Careers 2013-08-13
Tom Brennan - OWASP (tomb owasp org)
Pardon the interruption;

OWASP Foundation presents,

AppSecUSA 2013

Http://www.appsecusa.org

Nov 18th - 21st, Times Square, NYC

Now back to your fuzzin

Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework) 2013-08-12
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
* Source code disclosure (source_

oauth token authentication 2013-08-12
saghar estehghari (s estehghari gmail com)
Hi,

On a cloud project that I'm currently working on, we authenticate the
clients by password and get access to their keys using their password
(using a PBKDF2 function).

However, we want to provide the user with another option, which is
authenticating with an OAuth token. So the problem that I'm facin

RE: Secret Sharing 2013-08-03
JAntonakos excelsior edu

Symmetric encryption uses a single key. Asymmetric encryption uses public
and private keys.

You encrypt with the public key and decrypt with the private key.

Best,
JLA

Sent with Good (www.good.com)

-------- Original Message --------

From : listbounce (at) securityfocus (dot) com [email concealed]
To : saghar es

Reply: End-to-End Email Encryption Solution 2013-08-03
Orfeo Chen (noir meta-4 me)
PGP Desktop fits quite well into the situation. It's commercial but the email encryption and decryption feature is absolutely free. Also, GPG if you want, it's open source.

Mohamed Farid <m.farid.shawara (at) gmail (dot) com [email concealed]>:

Dear All :

I am searching for a good End-to-End Email Security Solution ( Ope

Privacy Statement
Copyright 2010, SecurityFocus