Web Application Security Mode:
(Page 12 of 334)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
synja synfulvisions com

On 2/8/12 10:30 AM, "mc" <mccansecure (at) gmail (dot) com [email concealed]> wrote:

>Hi All
>I want to create a Security Tools Tree since it is very difficult to keep
>track of all tools.
>Please see this blog and help to generate the tree. Your suggestions are
>valuable for the securit

Re: Directory Scanner 2012-02-09
Vedantam Sekhar (vedantamsekhar gmail com)

Probably you can implement authentication to these pages, if you want
only specific users to be able to access these pages.
Or probably, you can block the IP for a specific time period after
unsuccessful requests to non-existing files.



On Tue, Feb 7, 2012 at 11:19 PM, Thugzclub Thugzclub

Vedantam Sekhar (vedantamsekhar gmail com)
I was working on this some time back. Probably you can see the mind
map version of my work here




On Thu, Feb 9, 2012 at 1:47 PM, gold flake <ptinstructor (at) gmail (dot) com [email concealed]> wrote:
>  A b

Christopher Siedlecki (christopher sied gmail com)
I think everybody in a security community tried at least once in their
lifetime to put all their favorite tools into a nice organized
fashion. It is a daunting experience, but worthwhile. There is quite
a good book which might be of your interest, "Digital Forensics with
Open Source Tools" ISBN-10:

Mapping an application - Access control testing - Helper tool 2012-02-11
arvind doraiswamy (arvind doraiswamy gmail com)
Hi All,
Here is a very small tool that I recently wrote. This helps you when
you're mapping an application out and want a list of all the
combinations of access control that you want to check. So for example:
There are 5 menus that are accessible only to an Admin level user and
4 other types of user

Re: Apache Killer - take 2? 2012-01-23
Damiano Bolzoni (damiano bolzoni utwente nl)
On 1/23/12 2:40 PM, Anestis Bechtsoudis wrote:

> Apache byte-range killer uses many small byte-range chunks in a single
> request. So no, your attached request is not related to such an attack.

You are right, I didn't write it down properly...what I meant is
"doesn't it look like a clumsy way to ex

Apache Killer - take 2? 2012-01-19
Damiano Bolzoni (damiano bolzoni utwente nl) (1 replies)
Hi all,
today we saw a weird HTTP header in a request that came to a web server
we are monitoring:

HEAD /contact HTTP/1.1
Content-Range: bytes 1-1024/-1
User-Agent: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.5.22 Version/10.51
Host: www.xyz.nl
Accept: */*

The offending IP is not in any blacklist

Re: Apache Killer - take 2? 2012-01-23
Anestis Bechtsoudis (bechtsoudis a gmail com)
CarolinaCon-8/2012 - Final Announcement/Call for Papers/Presenters/Speakers 2012-01-12
Vic Vandal (vvandal well com)
h4x0rs, InfoSec professionals, international spies, script kidz, and posers,

CarolinaCon-8 will occur on May 11th-13th 2012 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are somewhat knowledgeable in any interesting field of hacking,

OWASP AsiaPac 2012 - Sydney Australia CFP and CFT 2012-01-12
Andrew van der Stock (vanderaj greebo net)

In 2012, OWASP is holding the Global AppSec AsiaPac Conference in Sydney, Australia! OWASP Asia Pacific is the foremost Application Security conference for the region, and brings together the community in a central meeting for 4 days to discuss and present on recent and current Application S

RE: Application Security 2012-01-12
Milind Nanal (Milind Nanal eclerx com)
Reference on the subject. Members' views on these points and how they are managing a similar
requirement. Information on tools etc.

Milind Nanal

-----Original Message-----
From: Yiannis Koukouras [mailto:ikoukouras (at) gmail (dot) com [email concealed]]
Sent: Wednesday, January 11, 2012 6:33 PM
To: Milind Nanal
Cc: sec

Re: Application Security 2012-01-11
Yiannis Koukouras (ikoukouras gmail com)

Not sure what you are actually looking for...

Are you looking for references on those subjects or are you looking to
recruit people to perform these tasks?

Ioannis (Yiannis) Koukouras
MSc in Computer Systems Security
BEng in Electronic Engineering

Application Security 2012-01-04
Milind Nanal (Milind Nanal eclerx com)
Hi Mailing list,

Seeking help on the scenario below:

1) The organization's software development life cycle, wherein application security needs to be plugged in as a focused approach.
2) Deployment & planning on roles & responsibilities of dedicated 4-5 members as apps tester & an apps test manager from in

Re: stacking proxies 2012-01-04
Robin Wood (robin digininja org)
On Jan 4, 2012 8:46 AM, "David Hardy" <davehardy20 (at) gmail (dot) com [email concealed]> wrote:
> Hi Robin,
> I was at the talk that Jason did at Brucon, I think there is a little confusion, what he meant was chaining proxy based scanners, ie burp thro Acunetix thro Webinspect etc.
> It sounded a strange thing to do and

AppSec DC 2012 CFP EXTENDED! 2012-01-06
AppSec DC (cfp appsecdc org)

Many of you have written to us asking about the requirement for a
paper in our CFP hosted on EasyChair.  Due to an unforeseen change in
the way EasyChair works, you are no longer able to configure a
submission to require only an abstract as we thought we had done, and
done in the past.  To be c

Re: stacking proxies 2012-01-02
Robert Hajime Lanning (robert lanning gmail com)
I am putting together (in this order): Nginx (ssl), Varnish
(caching), Haproxy (load balancing/fail over)
On Dec 31, 2011 10:29 PM, "Robin Wood" <robin (at) digininja (dot) org [email concealed]> wrote:
> I watched Jason Haddix talk at BruCon and he talked about stacking
> proxy servers when doing web app tests so that you could g

Re: stacking proxies 2012-01-01
Robin Wood (robin digininja org)
On 1 January 2012 11:24, BookBag <asaad2 (at) gmail (dot) com [email concealed]> wrote:
> I tunnel everything thru tor. But be careful as DNS requests sometimes are
> done thru your IP. So it's best to get your IPs thru any proxy and do the
> tests thru tor after you've got your IPs

Most of my clients like to know where the a

stacking proxies 2011-12-31
Robin Wood (robin digininja org) (1 replies)
I watched Jason Haddix talk at BruCon and he talked about stacking
proxy servers when doing web app tests so that you could get the best
out of each one.

I've been meaning to ask for a while, what proxies do people use when
stacking and in what order?


This list is sponsored by Cenzic

Re: stacking proxies 2012-01-02
Jamie Riden (jamie riden gmail com)
Positive Hack Days 2012 - Call For Paper 2011-12-21
cfp (cfp phdays com)
Positive Hack Days 2012 - Call For Paper
30-31 May 2012 / Moscow / Russia

What comes to your mind when you think of Russia? Fyodor [Dostoevsky] and Moscow? Sputnik and bears? Vodka and matryoshkas? Or Russian hackers?

Positive Russian hackers, organizers of the Positive Hack

Novell Sentinel Log Manager <= Path Traversal 2011-12-18
Andrea Fabrizi (andrea fabrizi gmail com)
Vuln: Path Traversal
Application: Sentinel Log Manager
Vendor: Novell
Version affected: <=
Website: http://www.novell.com/products/sentinel-log-manager/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi (at) gmail (dot) com [email concealed]
Web: http://ww

SANS AppSec 2012 CFP reminder 2011-12-02
SANS AppSec CFP (callforpapers-appsec sans org)
Hi everyone,

It's been over a month since we first announced the CFP for the SANS
AppSec Summit being held in Las Vegas, Nevada on April 30 - May 1, 2012.

We've received a number of great submissions so far but there are only two
months left until the deadline on February 1, 2012. If you'd like to

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011 2011-12-02
Dragos Ruiu (dr kyx net)
So after a dozen years or so organizing conferences, you
get the urge to pull levers and try experimenting with
things. So this year I sent out the CanSecWest CFP
only over Twitter, and G+ publicly. Just curious as to the
adoption and information dispersion rate, and some
estimate of the attent

different ways to use INTO OUTFILE in MySQL 2011-11-25
Robin Wood (robin digininja org)
I've been talking to Miroslav (sqlmap developer) about the way he
creates files using INTO OUTFILE. He uses the following syntax:

select "" INTO OUTFILE "/tmp/x" LINES TERMINATED BY "<?php exec('ls');?>";

But I've always used:

select "<?php exec('ls');?>" INTO OUTFILE "/tmp/y";

Both end up wi

CarolinaCon-8 (2012) Call for Papers/Presenters/Speakers 2011-11-21
Vic Vandal (vvandal well com)
CarolinaCon-8/2012 - Call for Papers/Presenters/Speakers

h4x0rs, InfoSec professionals, international spies, script kidz, and posers,

CarolinaCon-8 will occur on May 11th-13th 2012 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are s

Understanding the four attack modes in Burp Intruder 2011-11-09
Robin Wood (robin digininja org)
Seeing as I have to think about which mode does what when using Burp
Intruder I decided to do a blog post about it to hopefully solidify it
in my mind and help anyone else who wasn't sure:



New w3af release! (1.1) 2011-11-10
Andres Riancho (andres riancho gmail com)

Today we're releasing version 1.1 of w3af which includes the
following changes:

* Considerably increased performance by implementing gzip encoding
* Enhanced embedded bug report system using Trac's XMLRPC
* Fixed hundreds of bugs
* Fixed critical bug in au

MSIS research 2011-11-10
Steve Sirag (stevesirag gmail com)

My name is Steve Sirag. I'm studying for my Master's of Science in
Information Systems (emphasis on security).

My final research project is to discover the limits corporate
networks place on social networking applications, and

how it compares to online and print discussions of the same.

WordPress All Versions Full Path Disclosure (FPD) 2011-11-08
Ryan Dewhurst (ryandewhurst gmail com)

As part of my research on my tool WPScan, I have run the inspathx tool
against every version of WordPress released, excluding BETA and MU

The result is this tar file which contains a txt file for every
version of WordPress and the Full Path Disclosure vulnerabilities
which affect the



Copyright 2010, SecurityFocus