The Web Security Mailing List (2006 September)

• Thread Index

• [WEB SECURITY] Heap Overrun exploitation
  • From: 3 shool
• [WEB SECURITY] OWASP Autumn Of Code 2006
  • From: Dinis Cruz
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Theo Spears
• Re: [WEB SECURITY] Google Redirect URL actively used for Phishing
  • From: Paul Laudanski
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Jeremiah Grossman
• RE: [WEB SECURITY] Article about HttpOnly
  • From: Jeff Robertson
• Re: [WEB SECURITY] Article about HttpOnly
  • From: Kanatoko
• [WEB SECURITY] Microsoft Research Builds BrowserShield
  • From: bugtraq
• Re: [WEB SECURITY] Microsoft Research Builds BrowserShield
  • From: Secure Sauce
• [WEB SECURITY] Looking for an example of letter of authorization for a pen test
  • From: Jason Wood
• Re: [WEB SECURITY] Looking for an example of letter of authorization for a pen test
  • From: ilaiy
• Re: [WEB SECURITY] Looking for an example of letter of authorization for a pen test
  • From: Ryan Barnett
• RE: [WEB SECURITY] Looking for an example of letter of authorization for a pen test
  • From: Clement Dupuis
• Re: [WEB SECURITY] Looking for an example of letter of authorization for a pen test
  • From: Jason Wood
• [WEB SECURITY] Static Web Application Auditing Tool
  • From: Nish Bhalla
• [WEB SECURITY] Re: Microsoft Research Builds BrowserShield
  • From: Michal Zalewski
• [WEB SECURITY] New PCI requires code review or WAF
  • From: Jeff Williams
• [WEB SECURITY] SIFT Web Method Search Tool
  • From: Daniel Grzelak
• [WEB SECURITY] Host header cannot be trusted as an anti anti DNS-pinning measure
  • From: Amit Klein (AKsecurity)
• RE: [WEB SECURITY] New PCI requires code review or WAF
  • From: Jeff Robertson
• Re: [WEB SECURITY] New PCI requires code review or WAF
  • From: Dave Ockwell-Jenner
• [WEB SECURITY] LDAP query
  • From: White, Dain P
• Re: [WEB SECURITY] LDAP query
  • From: Stephen de Vries
• Re: [WEB SECURITY] New PCI requires code review or WAF
  • From: Nick Owen
• RE: [WEB SECURITY] LDAP query
  • From: White, Dain P
• Re: [WEB SECURITY] LDAP query
  • From: Brian Eaton
• Re: [WEB SECURITY] New PCI requires code review or WAF
  • From: Jeremiah Grossman
• [WEB SECURITY] Re: Microsoft Research Builds BrowserShield
  • From: Sap .
• Re: [WEB SECURITY] Re: Microsoft Research Builds BrowserShield
  • From: Hong Cho
• [WEB SECURITY] Implementing Logout in ASP.NET
  • From: Dharmesh Mehta
• RE: [WEB SECURITY] Implementing Logout in ASP.NET
  • From: Susheel Kumar
• Re: [WEB SECURITY] Implementing Logout in ASP.NET
  • From: Dinis Cruz
• Re: [WEB SECURITY] Implementing Logout in ASP.NET
  • From: Henry Troup
• Re: [WEB SECURITY] Implementing Logout in ASP.NET
  • From: Dharmesh Mehta
• Re: [WEB SECURITY] Implementing Logout in ASP.NET
  • From: AF
• Re: [WEB SECURITY] Implementing Logout in ASP.NET
  • From: AF
• Re: [WEB SECURITY] Implementing Logout in ASP.NET
  • From: Dinis Cruz
• [WEB SECURITY] Current events or trends in Identity theft via website hacking
  • From: Schmidt, Albert E
• RE: [WEB SECURITY] Current events or trends in Identity theft via website hacking
  • From: Ory Segal
• Re: [WEB SECURITY] Current events or trends in Identity theft via website hacking
  • From: offset
• [WEB SECURITY] Stored Procedures Vs. Simple String Concatenation When Protecting Against SQL injections
  • From: Schmidt, Albert E
• RE: [WEB SECURITY] Stored Procedures Vs. Simple String Concatenation When Protecting Against SQL injections
  • From: Jeff Robertson
• Re: [WEB SECURITY] Stored Procedures Vs. Simple String Concatenation When Protecting Against SQL injections
  • From: Stefano Di Paola
• [WEB SECURITY] Google Search API Worms
  • From: pdp (architect)
• RE: [WEB SECURITY] Google Search API Worms
  • From: Billy Hoffman
• [WEB SECURITY] AttackAPI (0.7)
  • From: pdp (architect)
• [WEB SECURITY] Thor 0.99 released
  • From: pak76
• [WEB SECURITY] Anybody got a licenced copy of Acunetix, Centric or other Web App Scans?
  • From: Dinis Cruz
• [WEB SECURITY] Looking for Resource(s)
  • From: mohammad zoroufi
• [WEB SECURITY] Microsoft Security Clamp
  • From: Dharmesh Mehta
• [WEB SECURITY] Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)
  • From: pdp (architect)
• Re: [WEB SECURITY] Looking for Resource(s)
  • From: Dinis Cruz
• [WEB SECURITY] Self-contained XSS Attacks (the new generation of XSS)
  • From: pdp (architect)
• [WEB SECURITY] Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS)
  • From: Tim
• [WEB SECURITY] Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS)
  • From: pdp (architect)
• [WEB SECURITY] Looking for Addressing some Questions
  • From: mohammad zoroufi
• Re: [WEB SECURITY] Looking for Addressing some Questions
  • From: Randal L. Schwartz
• [WEB SECURITY] Looking for Addressing some Questions
  • From: mohammad zoroufi
• RE: [WEB SECURITY] Looking for Addressing some Questions
  • From: Ory Segal
• [WEB SECURITY] Duplicate jsessionid cookies in request
  • From: Rami Mizrahi
• RE: [WEB SECURITY] Duplicate jsessionid cookies in request
  • From: Dennis Hurst
• RE: [WEB SECURITY] Looking for Addressing some Questions
  • From: Matt Fisher
• RE: [WEB SECURITY] Looking for Addressing some Questions
  • From: Adam Muntner
• Re: [WEB SECURITY] Duplicate jsessionid cookies in request
  • From: Rami Mizrahi
• RE: [WEB SECURITY] Looking for Addressing some Questions
  • From: Billy Hoffman
• RE: [WEB SECURITY] Looking for Addressing some Questions
  • From: Ory Segal
• RE: [WEB SECURITY] Looking for Addressing some Questions
  • From: Billy Hoffman
• [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Ryan Barnett
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Achim Hoffmann
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Jeremiah Grossman
• [WEB SECURITY] invalidating session using ajax
  • From: Anurag Agarwal
• RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Bill McGee \(bam\)
• [WEB SECURITY] invalidating session using ajax
  • From: Chad Maniccia
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] invalidating session using ajax
  • From: Cody Caughlan
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Brian Eaton
• Re: [WEB SECURITY] Duplicate jsessionid cookies in request
  • From: Achim Hoffmann
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: James Landis
• Re: [WEB SECURITY] invalidating session using ajax
  • From: James Landis
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Adam Muntner
• [WEB SECURITY] "must fix" RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Chris Weber
• [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Michael Sutton
• RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Jeff Robertson
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Irene Abezgauz
• RE: [WEB SECURITY] "must fix" RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Jeff Robertson
• RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Henry Troup
• RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Matt Fisher
• RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Jeff Robertson
• RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Matt Fisher
• [WEB SECURITY] Interview With Modsecurity Author Ivan Ristic
  • From: bugtraq
• Re: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Jeremiah Grossman
• RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Jeff Robertson
• RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Bob Auger
• RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Jeff Robertson
• RE: [WEB SECURITY] How Prevalent Are SQL Injection Vulnerabilities?
  • From: Schmidt, Albert E
• [WEB SECURITY] Website / Database Security Architecture - Best Practices Needed
  • From: Idvweb
• Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices Needed
  • From: Don_Tuer
• Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices ...
  • From: Idvweb
• RE: [WEB SECURITY] "must fix" RE: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: Chris Weber
• Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices ...
  • From: Ryan Barnett
• Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices Needed
  • From: Michael Vergoz
• Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
  • From: offtopic
• RE: [WEB SECURITY] Website / Database Security Architecture - Best Practices ...
  • From: Jeff Robertson
• Re: [WEB SECURITY] Website / Database Security Architecture - Best Practices ...
  • From: Idvweb
• [WEB SECURITY] Stealing Search Engine Queries with JavaScript
  • From: Billy Hoffman
• Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript
  • From: Chris Hofmann
• [WEB SECURITY] Comparitive data of vulnerability scanners
  • From: Fayyaz Ahmad
• Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript
  • From: Brian Eaton
• Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript
  • From: Collin Jackson
• Re: [WEB SECURITY] Stealing Search Engine Queries with JavaScript
  • From: Ian
• [WEB SECURITY] Call for panelists: "The role of frameworks (e.g., .Net, Java, Enterprise Library, Struts, JaCorb) in 'forcing' developers to create and deploy 'secure' applications" panel in the next OWASP Conference
  • From: Dinis Cruz
• Re: [WEB SECURITY] Comparitive data of vulnerability scanners
  • From: Dinis Cruz