Web Application Security
(Page 9 of 333)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >
Arachni v0.4.1 has been released (Open Source Web Application Security Scanner Framework) 2012-10-03
Tasos Laskos (tasos laskos gmail com)
Hey folks,

This is just to let you know that there's a new version of Arachni.

Arachni is a modular and high-performance (Open Source) Web Application
Security Scanner Framework written in Ruby.

The change-log is quite sizable but the gist is:
* License change, Apache License v2.
* Additio

nullcon Goa 2013 Call For Papers/Events 2012-09-05
nullcon (nullcon nullcon net)
CALL FOR PAPERS/EVENTS
IDEATE, INVENT, INNOVATE
++++++++++++++++++++++

Hello! Aloha! Namaskar! Ni Hau! Guten Tag! Privet! Salam-wale-kum!
Hej! Ahoj! Bonjour! Terve! Ciao! Konnichiva! Selamat! Barev! Jum Reap
Sour! Selamat! ahnnyeong ha se yo! Salvete! Moien! Selamat datang!
Bonswa! sain baina uu! K

QNAP Turbo NAS Multiple Path Injection 2012-09-04
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Vulnerability: Multiple Path Injection
Product: QNAP Turbo NAS
Vendor: QNAP
Version affected: <= 3.7.3 build 20120801
Status: Unpatched
Website: http://web.qnap.com/pro_detail_feature.asp?p_id=202
Discovered by: Andrea Fabrizi
Email: and

t2'12: Challenge to be released 2012-09-01 10:00 EEST 2012-08-29
Tomi Tuominen (tomi tuominen t2 fi)
It is that time of the year again - we're pleased to announce the
release of the t2'12 Challenge!

This year's challenge starts from the homepage of a young woman who is
rumored to be the girlfriend of an infamous carder. To solve the
challenge, the participants need to step into investigator'

WATOBO 0.9.9 release 2012-08-16
Andreas Schmidt (webappsec siberas de)
Hi everybody,

I've just pushed the final release of WATOBO 0.9.9 to rubygems.org.

= WATOBO - The Web Application ToolBox
WATOBO is intended to enable security professionals to perform
(semi-automated) web application security audits and penetration tests.

== NEWS
* Transparent Proxy Mode ->
htt

Administrivia: Out of office replies 2012-08-15
Andrew van der Stock (vanderaj greebo net)
Can folks please ensure that their e-mail systems do not process out
of office replies to the mail list.

As moderator, I get them and they go straight to /dev/null. Please
hope that I don't approve any, or else everyone will know that only
your cat is home. :)

thanks,
Andrew

This list is sponso

Password Blacklist 2012-08-14
Reed Black (reed unsafeword org) (3 replies)
Can anyone recommend a good password dictionary, preferably one where
the author speaks to the method of its construction?

As part of our authentication system, I want to blacklist the most
commonly used passwords. I searched for dictionaries for use with John
the Ripper, hoping to use one of these

Re: Password Blacklist 2012-08-15
Nick Galbreath (nickg client9 com)
Re: Password Blacklist 2012-08-15
Per Thorsheim (per thorsheim net) (1 replies)
Re: Password Blacklist 2012-08-15
Reed Black (reed unsafeword org) (2 replies)
Re: Password Blacklist 2012-08-15
Per Thorsheim (per thorsheim net) (1 replies)
Re: Password Blacklist 2012-08-16
Snipe (snipe snipe net)
RE: Password Blacklist 2012-08-15
Nigel Ball (Nigel K Ball dsl pipex com)
Re: Password Blacklist 2012-08-15
Andrew van der Stock (vanderaj greebo net)
Parameter name injection - Not tested by WebInspect 9.x 2012-08-09
Danux (danuxx gmail com) (1 replies)
Old technique but still out of testers' radar. Ninety nine percent
(99%) of tools concentrate on identifying and injecting malicious code
into parameter values, also 99% of developers concentrate on HTML
encoding parameter values, especially to prevent client-side attacks,
but what about parameter nam

RE: Parameter name injection - Not tested by WebInspect 9.x 2012-08-09
Dafydd Stuttard (dafydd stuttard portswigger net)
[HITB-Announce] HITB Magazine Issue 009 - Call for Submissions 2012-08-09
Hafez Kamal (aphesz hackinthebox org)
This is a call for article submissions for Issue 009 of HITB's quarterly
magazine - http://magazine.hitb.org/ which will be released alongside
#HITB2012KUL - The 10 year anniversary of the HITB Security Conference
series in Malaysia.

HITB Magazine is a deep-knowledge technical publication and we ar

Re: Testing Webservices ASMX 2012-08-06
Arvind (arvind doraiswamy gmail com)
Forwarding to the list..

> Thnx Kevin...I didn't ..no. Largely I kind of ran out of time. So when
> I saw that I could not break out of the XML tags, I kind of gave up on
> it. Are you saying though, even though you can't break out of tags, by
> say closing them, you can still inject data using th

Re: Testing Webservices ASMX 2012-08-03
Arvind (arvind doraiswamy gmail com)
Thnx Kevin...I didn't ..no. Largely I kind of ran out of time. So when
I saw that I could not break out of the XML tags, I kind of gave up on
it. Are you saying though, even though you can't break out of tags, by
say closing them, you can still inject data using that string you
mentioned? How does i

Testing a Flex application 2012-08-02
Arvind (arvind doraiswamy gmail com)
Hi All,
I was testing a Flex application recently and had a few experiences
that I've put down at
http://ardsec.blogspot.com/2012/08/testing-flex-application.html. Do
share your thoughts if you have any on any of the items on that blog.

Thanks
Arvind

This list is sponsored by Cenzic
------------

AMF Testing with Blazer 2012-08-02
Luca Carettoni (luca matasano com)
Hi folks,

This may be of some interest to people on the list.

http://code.google.com/p/blazer/

Blazer is a Burp Suite plugin for testing AMF-based applications that use Java remoting technologies (e.g. Adobe BlazeDS).
It implements a new testing approach, introduced at Black Hat USA 2012. In a n

Testing Webservices ASMX 2012-08-02
Arvind (arvind doraiswamy gmail com)
Hi All,
Along with a flex app (just posted a thread) I also tested a few web
services and that's documented here -
http://ardsec.blogspot.com/2012/08/asmx-webservices-xss.html. Is there
anything else you guys can think of?

Cheers
Arvind


Pentesting attacks 2012-07-25
ITlook (madziak12 vp pl)


- Zed Attack Proxy - see what it's all about!
- Understand how A Wireless (802.11) Probe Request Based Attack works
- How to secure users from Phishing, Smishing & Social Media Attacks
- Cyber war... Is the digital apocalypse approaching?
- Original "security through obscurity" viz. SCADA penetr

winAUTOPWN v3.1 Released 2012-06-20
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce release of winAUTOPWN version 3.1

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a
Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.
C4 - WAST gives users the freedom to select ind

EUSecWest 2012 - Amsterdam, Sept 19/20 featuring Mobile PWN2OWN - CFP Deadline June 15 2012-06-05
Dragos Ruiu (dr kyx net)
EUSecWest 2012, Amsterdam, September 19/20, Featuring Mobile PWN2OWN
CALL FOR PAPERS - Deadline June 15 2012

   AMSTERDAM, Nederland -- The seventh annual EUSecWest
   applied technical security conference - where the eminent
   figures in the international security industry get
   together share b

Re: [Pauldotcom] hydra and HTTP NTLM 2012-05-26
Robin Wood (robin digininja org)
On 25 May 2012 21:59, Sherif El-Deeb <archeldeeb (at) gmail (dot) com> wrote:
> Back when nothing was supporting Outlook Web Access bruteforcing, I've
> written a simple bash script that automated the process using "curl"... I
> suggest you do the same.
>
> "curl --ntlm" -> it will be two nested for loops, the

Copyright 2010, SecurityFocus