The Web Security Mailing List (2006 July)

Date Index

[WEB SECURITY] JavaScript Malware, port scanning, and beyond, Jeremiah Grossman
- RE: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Billy Hoffman
  - Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Jeremiah Grossman
- Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Amit Klein (AKsecurity)
  - Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond, Jeremiah Grossman
[WEB SECURITY] Reminder: WASC Meet-up at Black Hat (USA 2006), contact
- Re: [WEB SECURITY] Reminder: WASC Meet-up at Black Hat (USA 2006), Jeremiah Grossman
- <Possible follow-ups>
- RE: [WEB SECURITY] Reminder: WASC Meet-up at Black Hat (USA 2006), contact
[WEB SECURITY] XSS Hands on Podcast has been released, Dan Kuykendall
[WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Billy Hoffman
- Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, RSnake
  - RE: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Billy Hoffman
    - RE: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Arian J. Evans
- Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Amit Klein (AKsecurity)
  - RE: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Billy Hoffman
    - RE: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Amit Klein (AKsecurity)
[WEB SECURITY] Netscape.com persistent XSS attack, Jeremiah Grossman
[WEB SECURITY] HttpOnly and Firefox, Stefano Di Paola
- Re: [WEB SECURITY] HttpOnly and Firefox, Gervase Markham
  - Re: [WEB SECURITY] HttpOnly and Firefox, Stefano Di Paola
[WEB SECURITY] what if phishing went away?, Brian Eaton
- RE: [WEB SECURITY] what if phishing went away?, Lyal Collins
- RE: [WEB SECURITY] what if phishing went away?, Matt Fisher
  - RE: [WEB SECURITY] what if phishing went away?, Andre Maisonneuve
    - RE: [WEB SECURITY] what if phishing went away?, RSnake
    - Re: [WEB SECURITY] what if phishing went away?, Brian Eaton
    - Re: [WEB SECURITY] what if phishing went away?, RSnake
    - Re: [WEB SECURITY] what if phishing went away?, Brian Eaton
[WEB SECURITY] citibank XSS?, Brian Eaton
- Re: [WEB SECURITY] citibank XSS?, Thierry Zoller
  - Re: [WEB SECURITY] citibank XSS?, Jeremiah Grossman
    - Re: [WEB SECURITY] citibank XSS?, Brian Eaton
    - Re: [WEB SECURITY] citibank XSS?, Jeremiah Grossman
[WEB SECURITY] Write-up by Amit Klein: "Forging HTTP request headers with Flash", Amit Klein (AKsecurity)
- [WEB SECURITY] ERRATA (Re: [WEB SECURITY] Write-up by Amit Klein: "Forging HTTP request headers with Flash"), Amit Klein (AKsecurity)
[WEB SECURITY] Identity 2.0, Evans, Arian
[WEB SECURITY] PayPal XSS Exploit available for two years?, bugtraq
[WEB SECURITY] MySpace advert infects visitors with spyware, Jeremiah Grossman
[WEB SECURITY] analyzing web application attack data, Jeremiah Grossman
- Re: [WEB SECURITY] analyzing web application attack data, Ryan Barnett
[WEB SECURITY] Data Validation, Pedram Hayati
- Re: [WEB SECURITY] Data Validation, Stephen de Vries
[WEB SECURITY] MySpace Flash worm, Jeremiah Grossman
- RE: [WEB SECURITY] MySpace Flash worm, Will Jefferies
[WEB SECURITY] application attacks, shadi Aljawarneh
- Re: [WEB SECURITY] application attacks, AF
  - RE: [WEB SECURITY] application attacks, Dennis Hurst
    - RE: [WEB SECURITY] application attacks, Schmidt, Albert E
  - RE: [WEB SECURITY] application attacks, Andre Maisonneuve
[WEB SECURITY] Output Validation methodologies, Pedram Hayati
[WEB SECURITY] Wanted: Pen-tester, Vulnerability Assessment specialist, Tom Carter
RE: [WEB SECURITY] SQL Injection:Paros and patent violation, MKP
RE: [WEB SECURITY] SQL Injection, Mohr, James
- Re: [WEB SECURITY] SQL Injection, Dan Kuykendall
- <Possible follow-ups>
- RE: [WEB SECURITY] SQL Injection, Evans, Arian
[WEB SECURITY] Turning off SSL after a hack?, Jeremiah Grossman
- Re: [WEB SECURITY] Turning off SSL after a hack?, Brian Eaton
[WEB SECURITY] RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, tcp fin
- <Possible follow-ups>
- [WEB SECURITY] RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, PPowenski
[WEB SECURITY] Phishing attacks circumventing two-factor auth, Jeremiah Grossman
- RE: [WEB SECURITY] Phishing attacks circumventing two-factor auth, dpw
  - Re: [WEB SECURITY] Phishing attacks circumventing two-factor auth, Brian Eaton
    - RE: [WEB SECURITY] Phishing attacks circumventing two-factor auth, dpw
    - Re: [WEB SECURITY] Phishing attacks circumventing two-factor auth, Brian Eaton
    - Re: [WEB SECURITY] Phishing attacks circumventing two-factor auth, Josh L. Perrymon
    - Re: [WEB SECURITY] Phishing attacks circumventing two-factor auth, Nick Owen
- RE: [WEB SECURITY] Phishing attacks circumventing two-factor auth, Nick Owen
- <Possible follow-ups>
- RE: [WEB SECURITY] Phishing attacks circumventing two-factor auth, Glenn.Everhart
- RE: [WEB SECURITY] Phishing attacks circumventing two-factor auth, sarah mann
  - Re: [WEB SECURITY] Phishing attacks circumventing two-factor auth, Nick Owen
[WEB SECURITY] application security consulting, Hong Mich
- Re: [WEB SECURITY] application security consulting, solutions_PHP
- Re: [WEB SECURITY] application security consulting, Paul Laudanski
- RE: [WEB SECURITY] application security consulting, Darren Webb
- <Possible follow-ups>
- RE: [WEB SECURITY] application security consulting, robert
  - RE: [WEB SECURITY] SQL Injection, Schmidt, Albert E
    - RE: [WEB SECURITY] SQL Injection, Will Jefferies
    - Re: [WEB SECURITY] SQL Injection, Joel R. Helgeson
    - Re: [WEB SECURITY] SQL Injection, J. Santosh Kumar
    - RE: [WEB SECURITY] SQL Injection, Dennis Panduro Rand
[WEB SECURITY] RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, Martin O'Neal
- <Possible follow-ups>
- [WEB SECURITY] RE: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, Mike Duncan
  - [WEB SECURITY] Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, Peter Dawson
  - Re: [WEB SECURITY] Cross Site Scripting in Google, Joseph Peloquin
    - Re: [WEB SECURITY] Cross Site Scripting in Google, Dennis Groves
[WEB SECURITY] About Sarbanes-Oxley, Albert
- [WEB SECURITY] A Chronology of Data Security Breaches, Joel R. Helgeson
[WEB SECURITY] Cross Site Scripting in Google, RSnake
- Re: [WEB SECURITY] Cross Site Scripting in Google, bugtraq
  - Re: [WEB SECURITY] Cross Site Scripting in Google, RSnake
    - [WEB SECURITY] Re: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google, Javor Ninov
[WEB SECURITY] Nations Holding, FTC settlement, Jeremiah Grossman
[WEB SECURITY] Browser Fun Blog, Jeremiah Grossman
[WEB SECURITY] About Sarbanes-Oxley., sender
- Re: [WEB SECURITY] About Sarbanes-Oxley., Andrew van der Stock
  - Re: [WEB SECURITY] About Sarbanes-Oxley., Dinis Cruz
- Re: [WEB SECURITY] About Sarbanes-Oxley., Frederic Charpentier
Re: [WEB SECURITY] Brute Force authentication attack, skarvin
- Re: [WEB SECURITY] Brute Force authentication attack, Daniele Bellucci
- <Possible follow-ups>
- RE: [WEB SECURITY] Brute Force authentication attack, Mark Mcdonald
  - Re: [WEB SECURITY] Brute Force authentication attack, skarvin
    - RE: [WEB SECURITY] Brute Force authentication attack, Joseph Peloquin
    - Re: [WEB SECURITY] Brute Force authentication attack, skarvin
    - RE: [WEB SECURITY] Brute Force authentication attack, Joseph Peloquin

Brought to you by http://www.webappsec.org