Web Application Security
RE: Application Security 2012-01-12
Milind Nanal (Milind Nanal eclerx com)
Reference on the subject. Members' views on these points and how they are managing similar
requirements. Information on tools, etc.

Regards,
 
Milind Nanal

-----Original Message-----
From: Yiannis Koukouras [mailto:ikoukouras (at) gmail (dot) com]
Sent: Wednesday, January 11, 2012 6:33 PM
To: Milind Nanal
Cc: sec

Re: Application Security 2012-01-11
Yiannis Koukouras (ikoukouras gmail com)
Hi,

Not sure what you are actually looking for...

Are you looking for references on those subjects or are you looking to
recruit people to perform these tasks?

BR,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedi

Application Security 2012-01-04
Milind Nanal (Milind Nanal eclerx com)
Hi Mailing list,

Seeking help with the scenario below:

1) The organization's software development life cycle, wherein application security needs to be plugged in as a focused approach.
2) Deployment & planning on roles & responsibilities of dedicated 4-5 members as apps tester & an apps test manager from in

Re: stacking proxies 2012-01-04
Robin Wood (robin digininja org)
On Jan 4, 2012 8:46 AM, "David Hardy" <davehardy20 (at) gmail (dot) com> wrote:
>
> Hi Robin,
>
> I was at the talk that Jason did at Brucon, I think there is a little confusion, what he meant was chaining proxy based scanners, i.e. Burp through Acunetix through WebInspect etc.
>
> It sounded a strange thing to do and

AppSec DC 2012 CFP EXTENDED! 2012-01-06
AppSec DC (cfp appsecdc org)
All,

Many of you have written to us asking about the requirement for a
paper in our CFP hosted on EasyChair.  Due to an unforeseen change in
the way EasyChair works, you are no longer able to configure a
submission to require only an abstract as we thought we had done, and
done in the past.  To be c

Re: stacking proxies 2012-01-02
Robert Hajime Lanning (robert lanning gmail com)
I am putting together: (in this order)
Nginx (ssl)
Varnish (caching)
Haproxy (load balancing/fail over)
On Dec 31, 2011 10:29 PM, "Robin Wood" <robin (at) digininja (dot) org> wrote:
>
> I watched Jason Haddix's talk at BruCon and he talked about stacking
> proxy servers when doing web app tests so that you could g

Re: stacking proxies 2012-01-01
Robin Wood (robin digininja org)
On 1 January 2012 11:24, BookBag <asaad2 (at) gmail (dot) com> wrote:
> I tunnel everything thru tor. But be careful as DNS requests sometimes are
> done thru your IP. So it's best to get your IPs thru any proxy and do the
> tests thru tor after you've got your IPs

Most of my clients like to know where the a

stacking proxies 2011-12-31
Robin Wood (robin digininja org) (1 replies)
I watched Jason Haddix's talk at BruCon and he talked about stacking
proxy servers when doing web app tests so that you could get the best
out of each one.

I've been meaning to ask for a while, what proxies do people use when
stacking and in what order?

Robin

This list is sponsored by Cenzic
----

Re: stacking proxies 2012-01-02
Jamie Riden (jamie riden gmail com)

Positive Hack Days 2012 - Call For Paper 2011-12-21
cfp (cfp phdays com)
Positive Hack Days 2012 - Call For Paper
http://phdays.com?
30-31 May 2012 / Moscow / Russia

What comes to your mind when you think of Russia? Fyodor [Dostoevsky] and Moscow? Sputnik and bears? Vodka and matryoshkas? Or Russian hackers?

Positive Russian hackers, organizers of the Positive Hack

Novell Sentinel Log Manager <=1.2.0.1 Path Traversal 2011-12-18
Andrea Fabrizi (andrea fabrizi gmail com)
**************************************************************
Vuln: Path Traversal
Application: Sentinel Log Manager
Vendor: Novell
Version affected: <= 1.2.0.1
Website: http://www.novell.com/products/sentinel-log-manager/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com
Web: http://ww

SANS AppSec 2012 CFP reminder 2011-12-02
SANS AppSec CFP (callforpapers-appsec sans org)
Hi everyone,

It's been over a month since we first announced the CFP for the SANS
AppSec Summit being held in Las Vegas, Nevada on April 30 - May 1, 2012.

We've received a number of great submissions so far but there's only two
months left until the deadline on February 1, 2012. If you'd like to

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011 2011-12-02
Dragos Ruiu (dr kyx net)
So after a dozen years or so organizing conferences, you
get the urge to pull levers and try experimenting with
things. So this year I sent out the CanSecWest CFP
only over Twitter, and G+ publicly. Just curious as to the
adoption and information dispersion rate, and some
estimate of the attent

different ways to use INTO OUTFILE in MySQL 2011-11-25
Robin Wood (robin digininja org)
Hi
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:

select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";

But I've always used:

select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";

Both end up wi

CarolinaCon-8 (2012) Call for Papers/Presenters/Speakers 2011-11-21
Vic Vandal (vvandal well com)
CarolinaCon-8/2012 - Call for Papers/Presenters/Speakers

h4x0rs, InfoSec professionals, international spies, script kidz, and posers,

CarolinaCon-8 will occur on May 11th-13th 2012 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are s

Understanding the four attack modes in Burp Intruder 2011-11-09
Robin Wood (robin digininja org)
Seeing as I have to think about which mode does what when using Burp
Intruder I decided to do a blog post about it to hopefully solidify it
in my mind and help anyone else who wasn't sure:

http://www.digininja.org/blog/burp_intruder_types.php

Robin

New w3af release! (1.1) 2011-11-10
Andres Riancho (andres riancho gmail com)
Guys,

Today we're releasing version 1.1 of w3af which includes the
following changes:

* Considerably increased performance by implementing gzip encoding
* Enhanced embedded bug report system using Trac's XMLRPC
* Fixed hundreds of bugs
* Fixed critical bug in au

MSIS research 2011-11-10
Steve Sirag (stevesirag gmail com)
Hi,

My name is Steve Sirag. I'm studying for my Master's of Science in
Information Systems (emphasis on security).

My final research project is to discover the limits corporate
networks place on social networking applications, and
how it compares to online and print discussions of the same.

WordPress All Versions Full Path Disclosure (FPD) 2011-11-08
Ryan Dewhurst (ryandewhurst gmail com)
Hi,

As part of my research on my tool WPScan, I have run the inspathx tool
against every version of WordPress released, excluding BETA and MU
releases.

The result is this tar file which contains a txt file for every
version of WordPress and the Full Path Disclosure vulnerabilities
which affect the

Re: SMS protection 2011-10-29
Marcel Tudorache (marceltudorache yahoo com)
Hi Nick,

Thank you for your answer.
It would be interesting to know why do you think that it couldn't be used for online banking?

What I like about the SMSes as compared to the cryptographic tokens, is that you can receive the transaction details on your GSM which should be safer than via the email

Copyright 2010, SecurityFocus