The Web Security Mailing List (2007 January)

Date Index

[WEB SECURITY] Vista Bug: IE7 sploit..., Joel R. Helgeson
- Re: [WEB SECURITY] Vista Bug: IE7 sploit..., . Solo
[WEB SECURITY] stompy 0.04, Michal Zalewski
[WEB SECURITY] How Prevalent Are XSS Vulnerabilities?, Michael Sutton
[WEB SECURITY] Targeted password cracking by exploiting the registration functionality of a web application, Anurag Agarwal
[WEB SECURITY] Technika - Attack Scripting Environment, pdp (architect)
[WEB SECURITY] Good Magazines and Books, KT
[WEB SECURITY] HTTP validation framework for Java, Stephen de Vries
[WEB SECURITY] OWASP Top 10 2007 Release Candidate 1, Andrew van der Stock
[WEB SECURITY] Defeating CAPTCHAs via Averaging (fwd), bugtraq
[WEB SECURITY] Suggestions for the CSRF FAQ, Brian Eaton
- [WEB SECURITY] Re: Suggestions for the CSRF FAQ, bugtraq
  - [WEB SECURITY] Re: Suggestions for the CSRF FAQ, Brian Eaton
    - Re: [WEB SECURITY] Re: Suggestions for the CSRF FAQ, bugtraq
- Re: [WEB SECURITY] Suggestions for the CSRF FAQ, Stefan Esser
  - Re: [WEB SECURITY] Suggestions for the CSRF FAQ, Brian Eaton
  - Re: [WEB SECURITY] Suggestions for the CSRF FAQ, John Terrill
    - Re: [WEB SECURITY] Suggestions for the CSRF FAQ, Stefan Esser
[WEB SECURITY] WEB2.0 Security Isuues, Avi Shvartz
Re: [WEB SECURITY] How extract URL-link from flash(.swf) file by PHP?, Steve Orrin
[WEB SECURITY] How extract URL-link from flash(.swf) file by PHP?, 김영일
- [WEB SECURITY] Re: How extract URL-link from flash(.swf) file by PHP?, homegrown
  - [WEB SECURITY] Re: How extract URL-link from flash(.swf) file by PHP?, Korhan GURLER
[WEB SECURITY] Re: [Webappsec] [WEB SECURITY] xss filter to protect from xss attacks, anurag . agarwal
[WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, anurag . agarwal
- [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, Stephen de Vries
- [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, celf
- <Possible follow-ups>
- [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, anurag . agarwal
- Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, Anurag Agarwal
  - Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, Prasad Shenoy
[WEB SECURITY] xss filter to protect from xss attacks, Anurag Agarwal
- [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, Amit Klein
  - Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks, Ryan Barnett
- Re: [WEB SECURITY] xss filter to protect from xss attacks, Prasad Shenoy
- Re: [WEB SECURITY] xss filter to protect from xss attacks, Dinis Cruz
  - Re: [WEB SECURITY] xss filter to protect from xss attacks, Andrew van der Stock
    - Re: [WEB SECURITY] xss filter to protect from xss attacks, pdp (architect)
- Re: [WEB SECURITY] xss filter to protect from xss attacks, Lalit Patel
- <Possible follow-ups>
- Re: [WEB SECURITY] xss filter to protect from xss attacks, anurag . agarwal
  - [WEB SECURITY] Re: [Webappsec] [WEB SECURITY] xss filter to protect from xss attacks, celf
[WEB SECURITY] WASC-Articles: Seeking Guest Writers, robert
[WEB SECURITY] What happens to Your Computer if you Mispell Google.com, pdp (architect)
[WEB SECURITY] Hardware for logging network requests, J Joensuu
- [WEB SECURITY] RE: [SPAM] [WEB SECURITY] Hardware for logging network requests, Steve Figures
- Re: [WEB SECURITY] Hardware for logging network requests, Mike Fratto
[WEB SECURITY] Atom Database, pdp (architect)
[WEB SECURITY] Crawling Ajax-driven Web 2.0 Applications, bugtraq
[WEB SECURITY] some answered questions, Jeremiah Grossman
- RE: [WEB SECURITY] some answered questions, Schmidt, Albert E
- RE: [WEB SECURITY] some answered questions, Chris Weber
Re: [WEB SECURITY] *RESULTS* Web Application Security Professionals Survey (Jan. 2007), Jeremiah Grossman
[WEB SECURITY] Persistent Web Backdoor, pdp (architect)
[WEB SECURITY] VisaNet Consolidated PIN Security Standards Requirements manual, Mustafa KOMUT
[WEB SECURITY] Ajax Sniffer - Proof of concept, Anurag Agarwal
[WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, bugtraq
- Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, James Landis
  - Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, bugtraq
- Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, Stefan Esser
  - Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, bugtraq
    - Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, Stefan Esser
- RE: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, Billy Hoffman
  - Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, bugtraq
- <Possible follow-ups>
- RE: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ, John Terrill
[WEB SECURITY] Call for Participation - WASC Distributed Open Proxy Honeypot Project, Ryan Barnett
[WEB SECURITY] Client-side validation in 2007?, Kurt Grutzmacher
- Re: [WEB SECURITY] Client-side validation in 2007?, Jeremiah Grossman
- RE: [WEB SECURITY] Client-side validation in 2007?, Martin O'Neal
- Message not available
  - Re: [WEB SECURITY] Client-side validation in 2007?, Dennis Groves
[WEB SECURITY] Anti-DNS Pinning + Socket in FLASH, Kanatoko
[WEB SECURITY] WASC Meetup at RSA (San Francisco 2007), Jeremiah Grossman
- Re: [WEB SECURITY] *REMINDER* WASC Meetup at RSA (San Francisco 2007), Jeremiah Grossman
[WEB SECURITY] iPhone, Dennis Groves
[WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, robert
- Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, Gervase Markham
  - Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, Dennis Groves
    - Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, robert
    - Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, Pete Herzog
    - Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, Andy Steingruebl
    - Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, Dennis Groves
    - Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry, Pete Herzog
[WEB SECURITY] Article: A Positive Impact on Web Application Security (About WASC), robert
[WEB SECURITY] Disclosure for Web Applications, Jeremiah Grossman
- [WEB SECURITY] Decoding the Google Blacklist, Michael Sutton
- RE: [WEB SECURITY] Disclosure for Web Applications, txs
  - Re: [WEB SECURITY] Disclosure for Web Applications, Dennis Groves
    - RE: [WEB SECURITY] Disclosure for Web Applications, txs
    - Re: [WEB SECURITY] Disclosure for Web Applications, Dennis Groves
- <Possible follow-ups>
- RE: [WEB SECURITY] Disclosure for Web Applications, Bill Newton
  - Re: [WEB SECURITY] Disclosure for Web Applications, Pete Herzog
[WEB SECURITY] Automated Scanner vs. The OWASP Top Ten (white paper), Jeremiah Grossman
[WEB SECURITY] Administrative: List Questionnaire, robert
[WEB SECURITY] Re: recognising metacharacters as code ( Is ^ a dangerous metachar?), Brian Eaton
[WEB SECURITY] ACL for application, Ankur Jindal
- Re: [WEB SECURITY] ACL for application, Mr Zebedee
- RE: [WEB SECURITY] ACL for application, Herbener, Martin - KETS Engineering and Management
- Re: [WEB SECURITY] ACL for application, Brian Eaton
  - Re: [WEB SECURITY] ACL for application, Ankur Jindal
    - Re: [WEB SECURITY] ACL for application, Brian Eaton
    - Re: [WEB SECURITY] ACL for application, Ankur Jindal
- Re: [WEB SECURITY] ACL for application, valkyrie
[WEB SECURITY] Using .htaccess to protect from XSS attacks, Anurag Agarwal
- Re: [WEB SECURITY] Using .htaccess to protect from XSS attacks, RSnake
[WEB SECURITY] Web Application Security Professionals Survey (Jan. 2007), Jeremiah Grossman
- [WEB SECURITY] *RESULTS* Web Application Security Professionals Survey (Jan. 2007), Jeremiah Grossman
[WEB SECURITY] Is ^ a dangerous metachar?, Ephraim Dan
- Re: [WEB SECURITY] Is ^ a dangerous metachar?, Haroon Meer
  - Re: [WEB SECURITY] Is ^ a dangerous metachar?, Brian Eaton
[WEB SECURITY] Looking For a Username Dictionary, Jason Wood
- Re: [WEB SECURITY] Looking For a Username Dictionary, H. Morrow Long
- <Possible follow-ups>
- RE: [WEB SECURITY] Looking For a Username Dictionary, Mark Mcdonald
[WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases, bugtraq
- RE: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases, Brian Cohen
- Re: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases, Stephen de Vries
[WEB SECURITY] Server Obligation for Client Vulnerabilities (was: Universal XSS with PDF files: highly dangerous), Neil Smithline
- [WEB SECURITY] Re: Server Obligation for Client Vulnerabilities (was: Universal XSS with PDF files: highly dangerous), James Landis
[WEB SECURITY] Fwd: Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Tõnu Samuel
[WEB SECURITY] A Tour of the Google Blacklist, Michael Sutton
[WEB SECURITY] Re: RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Juha-Matti Laurio
- [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, T Biehn
  - [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect)
[WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Juha-Matti Laurio
- [WEB SECURITY] RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Larry Seltzer
  - Re: [WEB SECURITY] RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous, RSnake
[WEB SECURITY] Universal PDF XSS After Party, pdp (architect)
- [WEB SECURITY] RE: Universal PDF XSS After Party(posible solution), Noe Espinoza M.
  - [WEB SECURITY] Re: [Full-disclosure] Universal PDF XSS After Party(posible solution), Darren Bounds
  - Re: [WEB SECURITY] RE: Universal PDF XSS After Party(posible solution), RSnake
- [WEB SECURITY] Re: Universal PDF XSS After Party, Maik Mueller
[WEB SECURITY] Adobe Acrobat Reader Plugin - Multiple Vulnerabilities, Stefano Di Paola
[WEB SECURITY] Hacking AJAX DWR Applications, Amichai Shulman
[WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
  - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Richard Moore
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Prasad Shenoy
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Prasad Shenoy
  - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, James Landis
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, James Landis
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Dave Ferguson
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Prasad Shenoy
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, James Landis
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, James Landis
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, James Landis
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, bugtraq
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Billy Hoffman
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pst
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Guy Podjarny
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, James Landis
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Neil Smithline
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Brian Eaton
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Marvin Simkin
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Spector
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, sven . vetsch
  - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
  - [WEB SECURITY] Re: Universal XSS with PDF files: highly dangerous, ascii
  - Message not available
    - [WEB SECURITY] Re: Universal XSS with PDF files: highly dangerous, Thierry Zoller
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jean-Jacques Halans
  - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Larry Seltzer
  - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jim Manico
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
    - [WEB SECURITY] Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, M . B . Jr .
    - [WEB SECURITY] Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jim Manico
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, HASEGAWA Yosuke
- Message not available
  - [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, pdp (architect)
- Message not available
  - [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous, Stefano Di Paola
- [WEB SECURITY] Re: Universal XSS with PDF files: highly dangerous, The Anarcat
- <Possible follow-ups>
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, der wert
  - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, skarvin
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Billy Hoffman
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
    - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, skarvin
  - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Michael Sutton
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pst
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Ory Segal
  - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Billy Hoffman
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, pdp (architect)
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Amit Klein
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, White, Dain P
  - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Mark Andrews
  - RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, RSnake
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jean-Jacques Halans
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Mike Metzger
  - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Mike Metzger
    - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Mike Metzger
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, White, Dain P
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, White, Dain P
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, White, Dain P
  - Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jean-Jacques Halans
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Martin O'Neal
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Jeff Williams
- RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous, Tom Stripling
[WEB SECURITY] Sniffing and Backdooring UIML Applications, bugtraq
[WEB SECURITY] Google’s blacklisted url database (phishing url database), Rajesh Sethumadhavan
- RE: [WEB SECURITY] Google's blacklisted url database (phishing url database), Brad Inscoe
[WEB SECURITY] img src , cant get it!, Esteban RibiÄiÄ
- <Possible follow-ups>
- RE: [WEB SECURITY] img src , cant get it!, White, Dain P
- [WEB SECURITY] img src , cant get it!, John Terrill
  - Re: [WEB SECURITY] img src , cant get it!, Benjamin Flesch
- RE: [WEB SECURITY] img src , cant get it!, steve jensen
[WEB SECURITY] Vulnerability Scanners Review Published, bugtraq

Brought to you by http://www.webappsec.org
Search this site