The Web Security Mailing List (2006 August)

• Thread Index

• Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  • From: Amit Klein (AKsecurity)
• RE: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  • From: Billy Hoffman
• [WEB SECURITY] [Administrative] List slow down
  • From: robert
• RE: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  • From: Amit Klein (AKsecurity)
• Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  • From: Achim Hoffmann
• [WEB SECURITY] XSS at Netcraft.com
  • From: Valery Marchuk
• Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  • From: Amit Klein (AKsecurity)
• Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  • From: Amit Klein (AKsecurity)
• Re: [WEB SECURITY] Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
  • From: Chris Hofmann
• Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  • From: Amit Klein (AKsecurity)
• [WEB SECURITY] Autocomplete attribute
  • From: Benjamin Hawkes-Lewis
• Re: [WEB SECURITY] Autocomplete attribute
  • From: Andrew van der Stock
• [WEB SECURITY] Announcement: Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations [Whitepaper]
  • From: SPI Labs
• [WEB SECURITY] Article about HttpOnly
  • From: Evert | Collab
• Re: [WEB SECURITY] Article about HttpOnly
  • From: RSnake
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Brian Eaton
• Re: [WEB SECURITY] Article about HttpOnly
  • From: RSnake
• Re: [WEB SECURITY] Autocomplete attribute
  • From: Benjamin Hawkes-Lewis
• [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
  • From: bugtraq
• [WEB SECURITY] Sending multipart/form-data requests from Flash (with arbitrary headers)
  • From: Amit Klein (AKsecurity)
• RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
  • From: Caleb Sima
• [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
  • From: James Pujals
• [WEB SECURITY] Re: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
  • From: Iván Alemán
• Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
  • From: Brian Eaton
• [WEB SECURITY] Top sites for Application security news
  • From: KT
• [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news
  • From: mikeiscool
• [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news
  • From: Ivan .
• Re: [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news
  • From: bugtraq
• RE: [WEB SECURITY] Top sites for Application security news
  • From: Ory Segal
• [WEB SECURITY] Re: [Full-disclosure] Top sites for Application security news
  • From: Alice Bryson <abryson@xxxxxxxxxxxxx>
• Re: [WEB SECURITY] Top sites for Application security news
  • From: Anurag Agarwal
• [WEB SECURITY] Secure coding guidelines
  • From: Anurag Agarwal
• Re: [WEB SECURITY] Top sites for Application security news
  • From: root
• RE: [WEB SECURITY] Secure coding guidelines
  • From: Ory Segal
• [WEB SECURITY] Web app ? : Lieberman's site
  • From: Matt Fisher
• RE: [WEB SECURITY] Secure coding guidelines
  • From: Lorna Alamri
• RE: [WEB SECURITY] Secure coding guidelines
  • From: Matt Fisher
• Re: [WEB SECURITY] Secure coding guidelines
  • From: Anurag Agarwal
• [WEB SECURITY] Bypassing script filters with variable-width encodings
  • From: Chris Weber
• RE: [WEB SECURITY] Article about HttpOnly
  • From: Chris Weber
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Evert | Collab
• RE: [WEB SECURITY] Secure coding guidelines
  • From: Chris Weber
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Brian Eaton
• [WEB SECURITY] Re: [Full-disclosure] Re: [WEB SECURITY] Top sites for Application security news
  • From: Dude VanWinkle
• [WEB SECURITY] Re: [Full-disclosure] Re: [WEB SECURITY] Top sites for Application security news
  • From: sick b0y
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Amit Klein (AKsecurity)
• [WEB SECURITY] (somewhat) breaking the same-origin policy by undermining dns-pinning
  • From: Martin Johns
• [WEB SECURITY] Technical note: under some conditions, it's possible to steal HTTP credentials using Flash
  • From: Amit Klein (AKsecurity)
• RE: [WEB SECURITY] Article about HttpOnly
  • From: Chris Weber
• [WEB SECURITY] "hack-me" Ajax apps?
  • From: Jeff Robertson
• [WEB SECURITY] [Fwd: InterScout Web Forensics Tool Released as Freeware]
  • From: Nick Owen
• Re: [WEB SECURITY] "hack-me" Ajax apps?
  • From: kurt
• RE: [WEB SECURITY] "hack-me" Ajax apps?
  • From: Jeff Robertson
• [WEB SECURITY] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA
  • From: Dave Wichers
• [WEB SECURITY] Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"
  • From: Amit Klein (AKsecurity)
• [WEB SECURITY] Re: [SC-L] Registration Now Open!: 3rd Annual US OWASP AppSec Conference - Oct 16-18 2006 - Seattle, WA
  • From: Pascal Meunier
• [WEB SECURITY] Registration Now Open!: Security OPUS Infosec Conference - Oct 2-5 2006 - San Francisco, CA
  • From: Richard Lindberg
• [WEB SECURITY] World Summit on Intrusion Prevention
  • From: wsip
• Re: [WEB SECURITY] World Summit on Intrusion Prevention
  • From: H. Morrow Long
• [WEB SECURITY] RE: World Summit on Intrusion Prevention
  • From: Anthony J Biacco
• [WEB SECURITY] Corsaire White Paper: Assessing Java Clients with the BeanShell
  • From: Stephen de Vries
• [WEB SECURITY] DDOS extortion
  • From: Brian Eaton
• [WEB SECURITY] Re: "hack-me" Ajax apps?
  • From: Andrew van der Stock
• [WEB SECURITY] Mitnick's website hacked (again)
  • From: Jeremiah Grossman
• [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Ryan Barnett
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Collin Jackson
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Brian Eaton
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Evert | Rooftop
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: RSnake
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Brian Eaton
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Evert | Rooftop
• [WEB SECURITY] WiKID 2.1.1 released
  • From: Nick Owen
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: RSnake
• [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Evans, Arian
• Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Enis Karaarslan
• Re: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Martin Johns
• RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Jeff Robertson
• RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Enis Karaarslan
• RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Joseph Peloquin
• RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Joseph Peloquin
• RE: [WEB SECURITY] RE: Environment for testing WebApp Security Scanners
  • From: Enis Karaarslan
• [WEB SECURITY] Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms
  • From: Maxime Ducharme
• [WEB SECURITY] Re: Problem about detecting "SMTP command injection", i.e. cr lf chars in web forms
  • From: Jorge Augusto Senger
• [WEB SECURITY] Hacme Casino v1.0
  • From: alex.smolen
• [WEB SECURITY] Resources for testing hosted/ASP sites
  • From: Joshua Jabs
• RE: [WEB SECURITY] Resources for testing hosted/ASP sites
  • From: Evans, Arian
• [WEB SECURITY] Time Parameter For Expiration of the Session
  • From: Bergel B, Gabriel
• Re: [WEB SECURITY] Time Parameter For Expiration of the Session
  • From: Brian Eaton
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Brian Eaton
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Kanatoko
• [WEB SECURITY] MySpace "private" profiles unmasked
  • From: Jeremiah Grossman
• [WEB SECURITY] AT&T Online store hacked (19,000 exposed CC #'s)
  • From: Jeremiah Grossman
• [WEB SECURITY] Doorman@JUMPERZ.NET Released
  • From: Kanatoko