Web Application Security
(Page 10 of 330)
Re: outlook web access authentication 2011-10-26
Neil McAllister (neilmca2011 gmail com)

I think it's critical to secure outward-facing applications such as OWA or
SharePoint! We used Deepnet Security DualShield to lock down all our IIS7
applications as well as Terminal Services, RDP and VPN connections etc. I would
recommend Deepnet Security. Their DualShield platform will secure OWA,
Sh

SANS AppSec 2012 CFP is Open 2011-10-26
SANS AppSec CFP (callforpapers-appsec sans org)
Hi everyone,

We're happy to announce that the sixth annual SANS AppSec Summit will be
held in Las Vegas, Nevada on April 30 - May 1, 2012.

The theme for this conference is "Application Security at Scale".

Billions of records in the cloud. Millions of smart mobile devices.
Millions of developers

AppSec DC 2012 - Call for Trainers 2011-10-24
AppSec DC (cfp appsecdc org)
Colleagues,

OWASP is currently soliciting training providers for the OWASP AppSec
DC 2012 regional conference that will take place at the Walter E.
Washington Convention Center (801 Mount Vernon Place NW Washington, DC
20001) on April 2nd through 5th of 2012.  The theme for this year's
conference i

Agnitio Security Code Review Tool v2.1 released 2011-10-24
David Rook (david a rook gmail com)
Hi,

I've released an update to Agnitio which I hope will help people
carry out security-focused code reviews and find vulnerabilities in the
source code they are reviewing.

The major changes in v2.1 are listed below:

1) Windows x64 support

2) Automatically decompile Android .apk application to ea

SMS protection 2011-10-21
Marcel Tudorache (marceltudorache yahoo com) (1 reply)
Hi,

I was wondering how secure an SMS is when used as an authentication/transaction-signing means for an application similar to online banking.

To make the analysis more targeted the following assumptions are made:
- I understand that the new smartphones can get viruses, but I would like to analy

Re: SMS protection 2011-10-25
Robin Wood (robin digininja org)
AppSec DC 2012 CFP is OPEN! 2011-10-12
AppSec DC (cfp appsecdc org)
Colleagues,

Building on the success of AppSec DC 2010 and 2009, OWASP is pleased
to announce the next OWASP AppSec DC conference. The theme for this
year's conference is "OWASP - Not just webapps anymore" to reflect the
new and revised scope of OWASP to include all application security
issues inst

Concrete5 <= 5.4.2.1 SQL Injection and XSS Vulnerabilities 2011-10-04
Ryan Dewhurst (ryandewhurst gmail com)
# Exploit Title: Concrete5 <= 5.4.2.1 SQL Injection and XSS Vulnerabilities
# Date: 2011-10-04
# Author: Ryan Dewhurst (ryandewhurst at gmail) (@ethicalhack3r)
(www.ethicalhack3r.co.uk)
# Software Link:
http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/
# Version: 5.4.2.1 (tested)

new tool, File Disclosure Browser 2011-09-27
Robin Wood (robin digininja org)
Hi
I've released a new tool, the File Disclosure Browser. The app takes
.DS_Store files found on websites and parses through them to find a
list of all potential files in the directory. It can then either just
display the URLs for the files or if you give it a proxy it can browse
to the files itself

Re: new tool, File Disclosure Browser 2011-09-27
Robin Wood (robin digininja org)
Take two on the URL:

http://www.digininja.org/projects/fdb.php

Robin

On 27 September 2011 13:40, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:
> Hi
> I've released a new tool, the File Disclosure Browser. The app takes
> .DS_Store files found on websites and parses through them to find a
> list of all

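The parsing step Robin describes (pull every filename out of a .DS_Store that a web server is exposing), as an added, self-contained example: this is not FDB's code and was not posted to the list. The record layout it walks is the publicly documented Bud1 buddy-allocator format (header, allocator block, "DSDB" table-of-contents entry, superblock, B-tree of filename records). `build_ds_store` and `SAMPLE_RECORDS` are a constructed test fixture with made-up names (`backup.sql`, `config.php.bak`, ...) so the reader can be run offline against something shaped like a real store; the fixture writes only the structures the reader needs and is not how Finder lays the file out.

```python
# Minimal .DS_Store reader: Apple "Bud1" buddy allocator holding a B-tree of
# (filename, 4-byte struct id, 4-byte type, value) records; stored offsets are +4.
import struct
from typing import Iterator, List, Tuple

Record = Tuple[str, bytes, bytes, object]
_FIXED = {b"bool": ">?", b"long": ">I", b"shor": ">I", b"type": ">4s", b"comp": ">Q", b"dutc": ">Q"}

class _Reader:                                      # bounded cursor over one allocator block
    def __init__(self, data: bytes, off: int, size: int):
        self.buf, self.pos = data[off + 4: off + 4 + size], 0

    def take(self, n: int) -> bytes:                # raises instead of reading past the block
        chunk = self.buf[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated .DS_Store block")
        self.pos += n
        return chunk

    def unpack(self, fmt: str):
        return struct.unpack(fmt, self.take(struct.calcsize(fmt)))

def _block(data: bytes, addr: int) -> _Reader:
    return _Reader(data, addr & ~0x1F, 1 << (addr & 0x1F))   # entry = offset | log2(size)

def _read_record(r: _Reader) -> Record:
    name = r.take(2 * r.unpack(">I")[0]).decode("utf-16-be")
    code, typ = r.unpack(">4s4s")
    if typ in _FIXED:
        value = r.unpack(_FIXED[typ])[0]
    elif typ in (b"blob", b"ustr"):                 # length-prefixed payloads
        raw = r.take(r.unpack(">I")[0] * (2 if typ == b"ustr" else 1))
        value = raw.decode("utf-16-be") if typ == b"ustr" else raw
    else:
        raise ValueError("unknown record type %r" % typ)
    return name, code, typ, value

def _walk(data: bytes, offsets: List[int], node: int, depth: int = 0) -> Iterator[Record]:
    if depth > 64:                                  # refuse cyclic or corrupt trees
        raise ValueError("B-tree too deep")
    r = _block(data, offsets[node])
    child, count = r.unpack(">II")                  # child == 0 marks a leaf
    for _ in range(count):
        if child:                                   # internal node: child pointer before each key
            yield from _walk(data, offsets, r.unpack(">I")[0], depth + 1)
        yield _read_record(r)
    if child:                                       # rightmost child
        yield from _walk(data, offsets, child, depth + 1)

def parse_ds_store(data: bytes) -> List[Record]:
    if len(data) < 36 or data[:8] != b"\x00\x00\x00\x01Bud1":
        raise ValueError("not a .DS_Store (Bud1) file")
    root = _Reader(data, *struct.unpack(">II", data[8:16]))         # allocator block
    count = root.unpack(">II")[0]                                   # second word unused
    offsets = list(root.unpack(">%dI" % ((count + 255) & ~255)))[:count]  # padded to 256
    toc = {}
    for _ in range(root.unpack(">I")[0]):                           # TOC: len byte, name, block id
        name = root.take(root.unpack(">B")[0])
        toc[name] = root.unpack(">I")[0]
    root_node = _block(data, offsets[toc[b"DSDB"]]).unpack(">IIIII")[0]  # superblock
    return list(_walk(data, offsets, root_node))

def list_filenames(data: bytes) -> List[str]:
    """Distinct names in store order; '.' carries the directory's own view settings."""
    names = [n for n, _c, _t, _v in parse_ds_store(data) if n != "."]
    return list(dict.fromkeys(names))

def build_ds_store(records: List[Record]) -> bytes:
    """Constructed single-leaf store for exercising the reader (not Finder output)."""
    body = b""
    for name, code, typ, value in records:
        if typ in _FIXED:
            payload = struct.pack(_FIXED[typ], value)
        else:                                       # blob/ustr: prefix counts bytes / UTF-16 units
            raw = value.encode("utf-16-be") if typ == b"ustr" else value
            payload = struct.pack(">I", len(raw) // (2 if typ == b"ustr" else 1)) + raw
        enc = name.encode("utf-16-be")
        body += struct.pack(">I", len(enc) // 2) + enc + code + typ + payload
    leaf = struct.pack(">II", 0, len(records)) + body               # child 0 => leaf node
    assert len(leaf) <= 1024, "fixture holds a single 1 KiB leaf"
    # Block 0 = allocator @2048 (2^11), block 1 = superblock @64 (2^5), block 2 = leaf @1024 (2^10)
    alloc = struct.pack(">II", 3, 0) + struct.pack(">256I", 2048 | 11, 64 | 5, 1024 | 10, *([0] * 253))
    alloc += struct.pack(">IB4sI", 1, 4, b"DSDB", 1) + b"\x00" * 128  # one TOC entry; 32 empty free lists
    out = bytearray(4 + 4096)
    out[0:36] = struct.pack(">I4sIII16s", 1, b"Bud1", 2048, 2048, 2048, b"\x00" * 16)
    out[68:88] = struct.pack(">IIIII", 2, 0, len(records), 1, 4096)  # superblock: root node = block 2
    out[1028:1028 + len(leaf)] = leaf
    out[2052:2052 + len(alloc)] = alloc
    return bytes(out)

SAMPLE_RECORDS: List[Record] = [           # constructed: Finder-shaped records, made-up names
    (".", b"vSrn", b"long", 1),
    ("backup.sql", b"Iloc", b"blob", struct.pack(">IIQ", 180, 80, 0)),
    ("backup.sql", b"modD", b"dutc", 1300000000),
    ("config.php.bak", b"ICVO", b"bool", True),
    ("index.php", b"cmmt", b"ustr", "staging copy"),
]
```

Feed `parse_ds_store` the bytes fetched from `http://host/dir/.DS_Store` and join each name from `list_filenames` onto that directory URL to get the candidate list the tool displays. Names repeat in a real store because Finder keeps several records per entry (icon position, view settings, dates), which is why the de-duplication is there; a truncated download or an HTML error page served in place of the file is rejected with ValueError instead of silently yielding garbage.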
winAUTOPWN v2.8 - Released with mod_shellcode for Reverse Shell and other OS Shellcodes 2011-09-28
QUAKER DOOMER (quakerdoomer inbox lv)
Dear all,

This is to announce the release of winAUTOPWN version 2.8.
This version covers almost all remote exploits up till September 2011 and a few older ones as well.

Also added in this release are a few ruby exploits which require 'socket' alone for interpretation. Gee-Hence,
winAUTOPWN now require

RE: Should or shouldn't block public ping to a website 2011-09-14
Martin O'Neal (martin oneal corsaire com)

> I think the point of a number of previous posters
> is that there ARE requirements for certain of the
> ICMP subcodes in order for the Internet to work
> properly - ICMP Do not fragment being one which
> is required for Path MTU discovery, for example.
> Stuff still works without it, but not

RE: Should or shouldn't block public ping to a website 2011-09-12
Martin O'Neal (martin oneal corsaire com)

> ICMP redirect could be used.

I would be surprised if any router would propagate ICMP redirect either
off or onto the local network...

> ICMP offers limited benefits

Agreed. Same as for all protocols; if it isn't explicitly required, then
switch it off.

Martin...

Expression Language Injection 2011-09-12
Stefano Di Paola (stefano dipaola wisec it)
Guys,
someone may be interested in this Spring MVC related paper
(CVE-2011-2730) "Expression Language Injection":
http://blog.mindedsecurity.com/2011/09/expression-language-injection.html

Vulnerable app and server side examples:
http://68.169.49.40:18080/ELInjection/demo.htm

Client side Poc exampl

Re: Should or shouldn't block public ping to a website 2011-09-09
MATHDATER (MATHDATER AOL COM)
On 9/5/2011 2:03 AM, ShiYih Lye wrote:
> Hi,
>
> All this while I'm not allowing any public ping to the website I'm
> maintaining, but it's making me tougher to troubleshoot should any
> user from the globe having trouble to access our website, as I can't
> make them to send a proper traceroute repo

Re: Should or shouldn't block public ping to a website 2011-09-09
Sandeep Cheema (51l3n7 live in) (1 reply)
Why are you not allowing ICMP? Is the server itself exposed or behind a netscaler or some routing device? Even if it's not covered behind, you can allow ping. The only exploit with ping is the ping of death, which is obsolete now. Use a software IDS\IPS?

Regards, Sandeep

Re: Should or shouldn't block public ping to a website 2011-09-11
Clement Dupuis (clement dupuis gmail com)
Should or shouldn't block public ping to a website 2011-09-05
ShiYih Lye (shiyih lye my offgamers com)
Hi,

All this while I'm not allowing any public ping to the website I'm
maintaining, but it's making me tougher to troubleshoot should any
user from the globe having trouble to access our website, as I can't
make them to send a proper traceroute report.

To your opinion, is it necessary to block pub

Insomnia: Whitepaper - LFI With PHPInfo Assistance 2011-09-06
Brett Moore (brett moore insomniasec com)
___________________________________________________________________

Insomnia Security :: LFI With PHPInfo Assistance
___________________________________________________________________

Name: LFI With PHPInfo Assistance
Released: 06 September 2011
Author: Brett Moore, Insomnia Security
Original Lin

Re: Should or shouldn't block public ping to a website 2011-09-07
ShiYih Lye (shiyih lye my offgamers com) (2 replies)
hi,

What Todd said is pretty true, and that is what's playing in my mind:
"what does blocking ICMP ping from the public buy me?"

I have some others suggesting I use TCP traceroute to solve the issue
of not being able to get the traceroute result from my user during
troubleshooting. But the problem

Re: Should or shouldn't block public ping to a website 2011-09-09
John Hall (j hall f5 com)
Re: Should or shouldn't block public ping to a website 2011-09-09
Andre Correa (andre correa pobox com)
t2′11 Challenge to be released 2011-09-10 10:00 EEST 2011-09-04
Tomi Tuominen (tomi tuominen t2 fi)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is that time of the year again!

Since the dawn of our species (well 2005, if you want to be picky about
it) t2 has been granting free admission to the elite of their kind, the
winners of the t2 Challenges. Don't be suckered in by all the cheap
imi

Pen Test Interview Day in London Information 2011-08-30
Camille Johnston (camille johnston ascentsourcing com)
Hi all,

I hope everyone had a lovely bank holiday weekend.

I was advised by a pen test friend of mine to use this to find out if any pen testers- especially ones with strong web application skills- are looking for opportunities?

One pen test company I represent is having an interview day i

NYU Poly CSAW CTF 2011-08-26
CSAW CTF (csaw_ctf isis poly edu)
NYU Poly, the ISIS lab, our CTF team and friends are proud to announce
the 2011 CSAW Application Security Capture The Flag Competition!

The CSAW CTF is an attack-only CTF competition where competitors break
into applications and systems for points.

For more information and rules see:  https://csa

Ruxcon 2011 Final Call For Papers 2011-08-15
cfp ruxcon org au
Ruxcon 2011 Final Call For Papers

The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for sub

[RAID 2011] Call for Participation 2011-08-12
Guofei Gu (smartgophy gmail com)
Apologies for multiple copies of this announcement.

14th International Symposium on Recent Advances in Intrusion Detection
(RAID'2011)

September 20-21, 2011
SRI International, Menlo Park, CA
http://www.raid2011.org

Call for Participation

==========================================================

RE: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool 2011-08-09
Context IS - Disclosure (disclosure contextis co uk)
Under native Windows, CAT will only use IE to render the HTML. I can see your point as to why you might not want to use IE and I will look into adding in a Gecko rendering option for the next version.

Under Mono it uses the Mono provided WebBrowser control, which rendering engine is used depends

CAT Version 1 Released - Web App Testing Tool 2011-08-04
Context IS - Disclosure (disclosure contextis co uk)
Context App Tool (CAT) Version 1 has been released.
http://cat.contextis.com

CAT is a tool for manual web application penetration testing and includes the following features:
- Request Repeater - Used for repeating a single request
- Proxy - Classic inline proxy
- Fuzz

Copyright 2010, SecurityFocus