The Web Security Mailing List (2006 September)

Date Index

[WEB SECURITY] Call for panelists: "The role of frameworks (e.g., .Net, Java, Enterprise Library, Struts, JaCorb) in 'forcing' developers to create and deploy 'secure' applications" panel in the next OWASP Conference, Dinis Cruz
[WEB SECURITY] Comparitive data of vulnerability scanners, Fayyaz Ahmad
- Re: [WEB SECURITY] Comparitive data of vulnerability scanners, Dinis Cruz
[WEB SECURITY] Stealing Search Engine Queries with JavaScript, Billy Hoffman
- Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript, Chris Hofmann
  - Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript, Collin Jackson
- Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript, Brian Eaton
- Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript, Ian
Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, offtopic
Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices ..., Idvweb
- Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices ..., Ryan Barnett
- RE: [WEB SECURITY] Website / Database Security Architecture - Best Practices ..., Jeff Robertson
- <Possible follow-ups>
- Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices ..., Idvweb
[WEB SECURITY] Website / Database Security Architecture - Best Practices Needed, Idvweb
- Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices Needed, Michael Vergoz
- <Possible follow-ups>
- Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices Needed, Don_Tuer
[WEB SECURITY] Interview With Modsecurity Author Ivan Ristic, bugtraq
[WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Michael Sutton
- RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Matt Fisher
  - Re: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Jeremiah Grossman
    - RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Jeff Robertson
    - RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Bob Auger
    - RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Jeff Robertson
    - RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Schmidt, Albert E
- Re: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?, Jeremiah Grossman
[WEB SECURITY] invalidating session using ajax, Chad Maniccia
- Re: [WEB SECURITY] invalidating session using ajax, Cody Caughlan
  - Re: [WEB SECURITY] invalidating session using ajax, James Landis
[WEB SECURITY] Severity Rating of Cross Site Scripting, Jeremiah Grossman
- Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, Ryan Barnett
  - Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, Jeremiah Grossman
    - Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, Brian Eaton
- Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, Achim Hoffmann
- Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, Irene Abezgauz
  - RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Henry Troup
    - RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Jeff Robertson
  - RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Matt Fisher
- <Possible follow-ups>
- RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Bill McGee \(bam\)
  - Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, Jeremiah Grossman
    - Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, James Landis
    - Re: [WEB SECURITY] Severity Rating of Cross Site Scripting, Adam Muntner
    - RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Jeff Robertson
  - [WEB SECURITY] "must fix" RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Chris Weber
    - RE: [WEB SECURITY] "must fix" RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Jeff Robertson
    - RE: [WEB SECURITY] "must fix" RE: [WEB SECURITY] Severity Rating of Cross Site Scripting, Chris Weber
[WEB SECURITY] Duplicate jsessionid cookies in request, Rami Mizrahi
- RE: [WEB SECURITY] Duplicate jsessionid cookies in request, Dennis Hurst
  - Re: [WEB SECURITY] Duplicate jsessionid cookies in request, Rami Mizrahi
- Re: [WEB SECURITY] Duplicate jsessionid cookies in request, Achim Hoffmann
[WEB SECURITY] Looking for Addressing some Questions, mohammad zoroufi
- Re: [WEB SECURITY] Looking for Addressing some Questions, Randal L. Schwartz
  - RE: [WEB SECURITY] Looking for Addressing some Questions, Billy Hoffman
- <Possible follow-ups>
- [WEB SECURITY] Looking for Addressing some Questions, mohammad zoroufi
  - [WEB SECURITY] invalidating session using ajax, Anurag Agarwal
- RE: [WEB SECURITY] Looking for Addressing some Questions, Ory Segal
  - RE: [WEB SECURITY] Looking for Addressing some Questions, Matt Fisher
  - RE: [WEB SECURITY] Looking for Addressing some Questions, Adam Muntner
- RE: [WEB SECURITY] Looking for Addressing some Questions, Ory Segal
  - RE: [WEB SECURITY] Looking for Addressing some Questions, Billy Hoffman
[WEB SECURITY] Self-contained XSS Attacks (the new generation of XSS), pdp (architect)
- [WEB SECURITY] Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS), Tim
  - [WEB SECURITY] Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS), pdp (architect)
[WEB SECURITY] Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting), pdp (architect)
[WEB SECURITY] Microsoft Security Clamp, Dharmesh Mehta
[WEB SECURITY] Looking for Resource(s), mohammad zoroufi
- Re: [WEB SECURITY] Looking for Resource(s), Dinis Cruz
[WEB SECURITY] Anybody got a licenced copy of Acunetix, Centric or other Web App Scans?, Dinis Cruz
[WEB SECURITY] Thor 0.99 released, pak76
[WEB SECURITY] AttackAPI (0.7), pdp (architect)
[WEB SECURITY] Google Search API Worms, pdp (architect)
- <Possible follow-ups>
- RE: [WEB SECURITY] Google Search API Worms, Billy Hoffman
[WEB SECURITY] Current events or trends in Identity theft via website hacking, Schmidt, Albert E
- Re: [WEB SECURITY] Current events or trends in Identity theft via website hacking, offset
  - [WEB SECURITY] Stored Procedures Vs. Simple String Concatenation When Protecting Against SQL injections, Schmidt, Albert E
    - RE: [WEB SECURITY] Stored Procedures Vs. Simple String Concatenation When Protecting Against SQL injections, Jeff Robertson
    - Re: [WEB SECURITY] Stored Procedures Vs. Simple String Concatenation When Protecting Against SQL injections, Stefano Di Paola
- <Possible follow-ups>
- RE: [WEB SECURITY] Current events or trends in Identity theft via website hacking, Ory Segal
[WEB SECURITY] Implementing Logout in ASP.NET, Dharmesh Mehta
- Re: [WEB SECURITY] Implementing Logout in ASP.NET, Dinis Cruz
  - Re: [WEB SECURITY] Implementing Logout in ASP.NET, Dharmesh Mehta
    - Re: [WEB SECURITY] Implementing Logout in ASP.NET, AF
    - Re: [WEB SECURITY] Implementing Logout in ASP.NET, AF
    - Re: [WEB SECURITY] Implementing Logout in ASP.NET, Dinis Cruz
- <Possible follow-ups>
- RE: [WEB SECURITY] Implementing Logout in ASP.NET, Susheel Kumar
- Re: [WEB SECURITY] Implementing Logout in ASP.NET, Henry Troup
[WEB SECURITY] LDAP query, White, Dain P
- Re: [WEB SECURITY] LDAP query, Stephen de Vries
  - Re: [WEB SECURITY] LDAP query, Brian Eaton
- <Possible follow-ups>
- RE: [WEB SECURITY] LDAP query, White, Dain P
[WEB SECURITY] Host header cannot be trusted as an anti anti DNS-pinning measure, Amit Klein (AKsecurity)
[WEB SECURITY] SIFT Web Method Search Tool, Daniel Grzelak
[WEB SECURITY] New PCI requires code review or WAF, Jeff Williams
- RE: [WEB SECURITY] New PCI requires code review or WAF, Jeff Robertson
  - Re: [WEB SECURITY] New PCI requires code review or WAF, Dave Ockwell-Jenner
  - Re: [WEB SECURITY] New PCI requires code review or WAF, Nick Owen
  - Re: [WEB SECURITY] New PCI requires code review or WAF, Jeremiah Grossman
[WEB SECURITY] Static Web Application Auditing Tool, Nish Bhalla
[WEB SECURITY] Looking for an example of letter of authorization for a pen test, Jason Wood
- Re: [WEB SECURITY] Looking for an example of letter of authorization for a pen test, ilaiy
- Re: [WEB SECURITY] Looking for an example of letter of authorization for a pen test, Ryan Barnett
- RE: [WEB SECURITY] Looking for an example of letter of authorization for a pen test, Clement Dupuis
- Re: [WEB SECURITY] Looking for an example of letter of authorization for a pen test, Jason Wood
[WEB SECURITY] Microsoft Research Builds BrowserShield, bugtraq
- Re: [WEB SECURITY] Microsoft Research Builds BrowserShield, Secure Sauce
- [WEB SECURITY] Re: Microsoft Research Builds BrowserShield, Michal Zalewski
  - [WEB SECURITY] Re: Microsoft Research Builds BrowserShield, Sap .
    - Re: [WEB SECURITY] Re: Microsoft Research Builds BrowserShield, Hong Cho
Re: [WEB SECURITY] Google Redirect URL actively used for Phishing, Paul Laudanski
Re: [WEB SECURITY] Article about HttpOnly, Theo Spears
- <Possible follow-ups>
- Re: [WEB SECURITY] Article about HttpOnly, Jeremiah Grossman
- RE: [WEB SECURITY] Article about HttpOnly, Jeff Robertson
- Re: [WEB SECURITY] Article about HttpOnly, Kanatoko
[WEB SECURITY] OWASP Autumn Of Code 2006, Dinis Cruz
[WEB SECURITY] Heap Overrun exploitation, 3 shool

Brought to you by http://www.webappsec.org