The Web Security Mailing List (2007 January)

• Thread Index

• [WEB SECURITY] Vulnerability Scanners Review Published
  • From: bugtraq
• [WEB SECURITY] img src , cant get it!
  • From: Esteban RibiÄiÄ
• [WEB SECURITY] Google’s blacklisted url database (phishing url database)
  • From: Rajesh Sethumadhavan
• [WEB SECURITY] Sniffing and Backdooring UIML Applications
  • From: bugtraq
• RE: [WEB SECURITY] Google's blacklisted url database (phishing url database)
  • From: Brad Inscoe
• [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• RE: [WEB SECURITY] img src , cant get it!
  • From: White, Dain P
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: sven . vetsch
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Richard Moore
• [WEB SECURITY] Hacking AJAX DWR Applications
  • From: Amichai Shulman
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Prasad Shenoy
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Prasad Shenoy
• [WEB SECURITY] Re: Universal XSS with PDF files: highly dangerous
  • From: ascii
• [WEB SECURITY] Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
  • From: Stefano Di Paola
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: James Landis
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: RSnake
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Jean-Jacques Halans
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: James Landis
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Dave Ferguson
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Prasad Shenoy
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Larry Seltzer
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: bugtraq
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Jim Manico
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: RSnake
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: der wert
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• [WEB SECURITY] RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: Larry Seltzer
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Michael Sutton
• [WEB SECURITY] Universal PDF XSS After Party
  • From: pdp (architect)
• [WEB SECURITY] Re: Universal XSS with PDF files: highly dangerous
  • From: Thierry Zoller
• [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: Juha-Matti Laurio
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: skarvin
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pst
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: HASEGAWA Yosuke
• [WEB SECURITY] Re: RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: Juha-Matti Laurio
• [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: T Biehn
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Martin O'Neal
• Re: [WEB SECURITY] RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: RSnake
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Billy Hoffman
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: RSnake
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Martin O'Neal
• [WEB SECURITY] RE: Universal PDF XSS After Party(posible solution)
  • From: Noe Espinoza M.
• [WEB SECURITY] Re: [Full-disclosure] Universal PDF XSS After Party(posible solution)
  • From: Darren Bounds
• Re: [WEB SECURITY] RE: Universal PDF XSS After Party(posible solution)
  • From: RSnake
• [WEB SECURITY] A Tour of the Google Blacklist
  • From: Michael Sutton
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: skarvin
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Billy Hoffman
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Ory Segal
• [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Billy Hoffman
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: White, Dain P
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Mike Metzger
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Guy Podjarny
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Mark Andrews
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: White, Dain P
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: James Landis
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Mike Metzger
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: RSnake
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: White, Dain P
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Jean-Jacques Halans
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: White, Dain P
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: James Landis
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Jean-Jacques Halans
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Mike Metzger
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: pdp (architect)
• [WEB SECURITY] Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: Stefano Di Paola
• [WEB SECURITY] Fwd: Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous
  • From: Tõnu Samuel
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Martin O'Neal
• [WEB SECURITY] Re: Universal PDF XSS After Party
  • From: Maik Mueller
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: RSnake
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: James Landis
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: James Landis
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Jeff Williams
• [WEB SECURITY] Server Obligation for Client Vulnerabilities (was: Universal XSS with PDF files: highly dangerous)
  • From: Neil Smithline
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Neil Smithline
• [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
  • From: bugtraq
• RE: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
  • From: Brian Cohen
• [WEB SECURITY] Looking For a Username Dictionary
  • From: Jason Wood
• Re: [WEB SECURITY] Looking For a Username Dictionary
  • From: H. Morrow Long
• RE: [WEB SECURITY] Looking For a Username Dictionary
  • From: Mark Mcdonald
• [WEB SECURITY] Is ^ a dangerous metachar?
  • From: Ephraim Dan
• Re: [WEB SECURITY] Is ^ a dangerous metachar?
  • From: Haroon Meer
• Re: [WEB SECURITY] QASEC Announcement: Writing Software Security Test Cases
  • From: Stephen de Vries
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: pst
• Re: [WEB SECURITY] Is ^ a dangerous metachar?
  • From: Brian Eaton
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: RSnake
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Amit Klein
• [WEB SECURITY] Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: M . B . Jr .
• Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Brian Eaton
• [WEB SECURITY] Re: Universal XSS with PDF files: highly dangerous
  • From: The Anarcat
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Tom Stripling
• [WEB SECURITY] Re: [Full-disclosure] [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Jim Manico
• [WEB SECURITY] Web Application Security Professionals Survey (Jan. 2007)
  • From: Jeremiah Grossman
• [WEB SECURITY] Using .htaccess to protect from XSS attacks
  • From: Anurag Agarwal
• [WEB SECURITY] ACL for application
  • From: Ankur Jindal
• Re: [WEB SECURITY] Using .htaccess to protect from XSS attacks
  • From: RSnake
• Re: [WEB SECURITY] ACL for application
  • From: Mr Zebedee
• [WEB SECURITY] Re: recognising metacharacters as code ( Is ^ a dangerous metachar?)
  • From: Brian Eaton
• RE: [WEB SECURITY] ACL for application
  • From: Herbener, Martin - KETS Engineering and Management
• Re: [WEB SECURITY] ACL for application
  • From: Brian Eaton
• Re: [WEB SECURITY] ACL for application
  • From: valkyrie
• Re: [WEB SECURITY] ACL for application
  • From: Ankur Jindal
• Re: [WEB SECURITY] ACL for application
  • From: Brian Eaton
• [WEB SECURITY] Administrative: List Questionnaire
  • From: robert
• [WEB SECURITY] Automated Scanner vs. The OWASP Top Ten (white paper)
  • From: Jeremiah Grossman
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Tom Spector
• RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  • From: Marvin Simkin
• Re: [WEB SECURITY] ACL for application
  • From: Ankur Jindal
• [WEB SECURITY] Re: Server Obligation for Client Vulnerabilities (was: Universal XSS with PDF files: highly dangerous)
  • From: James Landis
• [WEB SECURITY] Disclosure for Web Applications
  • From: Jeremiah Grossman
• [WEB SECURITY] Article: A Positive Impact on Web Application Security (About WASC)
  • From: robert
• [WEB SECURITY] Decoding the Google Blacklist
  • From: Michael Sutton
• [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: robert
• Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: Gervase Markham
• Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: Dennis Groves
• Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: robert
• Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: Pete Herzog
• Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: Andy Steingruebl
• RE: [WEB SECURITY] Disclosure for Web Applications
  • From: txs
• Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: Dennis Groves
• Re: [WEB SECURITY] Disclosure for Web Applications
  • From: Dennis Groves
• [WEB SECURITY] iPhone
  • From: Dennis Groves
• RE: [WEB SECURITY] Disclosure for Web Applications
  • From: txs
• [WEB SECURITY] WASC Meetup at RSA (San Francisco 2007)
  • From: Jeremiah Grossman
• RE: [WEB SECURITY] Disclosure for Web Applications
  • From: Bill Newton
• Re: [WEB SECURITY] Disclosure for Web Applications
  • From: Dennis Groves
• Re: [WEB SECURITY] A Different CSOonline Article calling out the BS in the security industry
  • From: Pete Herzog
• Re: [WEB SECURITY] Disclosure for Web Applications
  • From: Pete Herzog
• [WEB SECURITY] Anti-DNS Pinning + Socket in FLASH
  • From: Kanatoko
• [WEB SECURITY] Client-side validation in 2007?
  • From: Kurt Grutzmacher
• Re: [WEB SECURITY] Client-side validation in 2007?
  • From: Jeremiah Grossman
• RE: [WEB SECURITY] Client-side validation in 2007?
  • From: Martin O'Neal
• Re: [WEB SECURITY] Client-side validation in 2007?
  • From: Dennis Groves
• [WEB SECURITY] Call for Participation - WASC Distributed Open Proxy Honeypot Project
  • From: Ryan Barnett
• [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: bugtraq
• Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: James Landis
• Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: bugtraq
• Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: Stefan Esser
• Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: bugtraq
• Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: Stefan Esser
• RE: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: Billy Hoffman
• Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: bugtraq
• RE: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ
  • From: John Terrill
• [WEB SECURITY] Ajax Sniffer - Proof of concept
  • From: Anurag Agarwal
• [WEB SECURITY] VisaNet Consolidated PIN Security Standards Requirements manual
  • From: Mustafa KOMUT
• [WEB SECURITY] Persistent Web Backdoor
  • From: pdp (architect)
• [WEB SECURITY] *RESULTS* Web Application Security Professionals Survey (Jan. 2007)
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] *RESULTS* Web Application Security Professionals Survey (Jan. 2007)
  • From: Jeremiah Grossman
• [WEB SECURITY] some answered questions
  • From: Jeremiah Grossman
• RE: [WEB SECURITY] some answered questions
  • From: Schmidt, Albert E
• [WEB SECURITY] Crawling Ajax-driven Web 2.0 Applications
  • From: bugtraq
• [WEB SECURITY] Atom Database
  • From: pdp (architect)
• [WEB SECURITY] Hardware for logging network requests
  • From: J Joensuu
• RE: [WEB SECURITY] some answered questions
  • From: Chris Weber
• [WEB SECURITY] RE: [SPAM] [WEB SECURITY] Hardware for logging network requests
  • From: Steve Figures
• [WEB SECURITY] What happens to Your Computer if you Mispell Google.com
  • From: pdp (architect)
• Re: [WEB SECURITY] Hardware for logging network requests
  • From: Mike Fratto
• [WEB SECURITY] WASC-Articles: Seeking Guest Writers
  • From: robert
• [WEB SECURITY] xss filter to protect from xss attacks
  • From: Anurag Agarwal
• [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: Amit Klein
• Re: [WEB SECURITY] xss filter to protect from xss attacks
  • From: Prasad Shenoy
• [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: anurag . agarwal
• [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: Stephen de Vries
• [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: anurag . agarwal
• Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: Ryan Barnett
• Re: [WEB SECURITY] xss filter to protect from xss attacks
  • From: Dinis Cruz
• [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: celf
• Re: [WEB SECURITY] xss filter to protect from xss attacks
  • From: Andrew van der Stock
• Re: [WEB SECURITY] xss filter to protect from xss attacks
  • From: pdp (architect)
• Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: Anurag Agarwal
• Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  • From: Prasad Shenoy
• Re: [WEB SECURITY] xss filter to protect from xss attacks
  • From: anurag . agarwal
• [WEB SECURITY] Re: [Webappsec] [WEB SECURITY] xss filter to protect from xss attacks
  • From: celf
• [WEB SECURITY] Re: [Webappsec] [WEB SECURITY] xss filter to protect from xss attacks
  • From: anurag . agarwal
• [WEB SECURITY] How extract URL-link from flash(.swf) file by PHP?
  • From: 김영일
• Re: [WEB SECURITY] How extract URL-link from flash(.swf) file by PHP?
  • From: Steve Orrin
• [WEB SECURITY] Re: How extract URL-link from flash(.swf) file by PHP?
  • From: homegrown
• [WEB SECURITY] img src , cant get it!
  • From: John Terrill
• [WEB SECURITY] Re: How extract URL-link from flash(.swf) file by PHP?
  • From: Korhan GURLER
• Re: [WEB SECURITY] img src , cant get it!
  • From: Benjamin Flesch
• [WEB SECURITY] WEB2.0 Security Isuues
  • From: Avi Shvartz
• Re: [WEB SECURITY] xss filter to protect from xss attacks
  • From: Lalit Patel
• RE: [WEB SECURITY] img src , cant get it!
  • From: steve jensen
• [WEB SECURITY] Suggestions for the CSRF FAQ
  • From: Brian Eaton
• [WEB SECURITY] Re: Suggestions for the CSRF FAQ
  • From: bugtraq
• Re: [WEB SECURITY] Suggestions for the CSRF FAQ
  • From: Stefan Esser
• Re: [WEB SECURITY] Suggestions for the CSRF FAQ
  • From: Brian Eaton
• Re: [WEB SECURITY] Suggestions for the CSRF FAQ
  • From: John Terrill
• [WEB SECURITY] Defeating CAPTCHAs via Averaging (fwd)
  • From: bugtraq
• Re: [WEB SECURITY] Suggestions for the CSRF FAQ
  • From: Stefan Esser
• [WEB SECURITY] Re: Suggestions for the CSRF FAQ
  • From: Brian Eaton
• Re: [WEB SECURITY] Re: Suggestions for the CSRF FAQ
  • From: bugtraq
• [WEB SECURITY] OWASP Top 10 2007 Release Candidate 1
  • From: Andrew van der Stock
• [WEB SECURITY] HTTP validation framework for Java
  • From: Stephen de Vries
• [WEB SECURITY] Good Magazines and Books
  • From: KT
• Re: [WEB SECURITY] *REMINDER* WASC Meetup at RSA (San Francisco 2007)
  • From: Jeremiah Grossman
• [WEB SECURITY] Technika - Attack Scripting Environment
  • From: pdp (architect)
• [WEB SECURITY] Targeted password cracking by exploiting the registration functionality of a web application
  • From: Anurag Agarwal
• [WEB SECURITY] How Prevalent Are XSS Vulnerabilities?
  • From: Michael Sutton
• [WEB SECURITY] stompy 0.04
  • From: Michal Zalewski
• [WEB SECURITY] Vista Bug: IE7 sploit...
  • From: Joel R. Helgeson
• Re: [WEB SECURITY] Vista Bug: IE7 sploit...
  • From: . Solo