The Web Security Mailing List (2007 August)

• Thread Index

• Re: [WEB SECURITY] False Positives with .NET's Request Validation?
  • From: Arian J. Evans
• RE: [WEB SECURITY] False Positives with .NET's Request Validation?
  • From: James Strassburg
• Re: [WEB SECURITY] List slowdown during blackhat
  • From: robert
• [WEB SECURITY] Risk in Validating new password at client side
  • From: Appsec Punter
• RE: [WEB SECURITY] Risk in Validating new password at client side
  • From: White, Dain P
• Re: [WEB SECURITY] Risk in Validating new password at client side
  • From: Pranay Kanwar
• Re: [WEB SECURITY] Risk in Validating new password at client side
  • From: Chris Varenhorst
• [WEB SECURITY] Pictures from WASC/OWASP party in vegas
  • From: robert
• [WEB SECURITY] Mozilla Releases JavaScript Fuzzer
  • From: bugtraq
• RE: [WEB SECURITY] Risk in Validating new password at client side
  • From: Joe Yeager
• [WEB SECURITY] MachineID fingerprinting
  • From: robert
• RE: [WEB SECURITY] MachineID fingerprinting
  • From: robert.purvis
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: robert
• RE: [WEB SECURITY] MachineID fingerprinting
  • From: White, Dain P
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: robert
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: Daniel McLaughlin
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: robert
• RE: [WEB SECURITY] MachineID fingerprinting
  • From: Glenn.Everhart
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: Walt Williams
• RE: [WEB SECURITY] MachineID fingerprinting
  • From: Mario Contestabile
• RE: [WEB SECURITY] MachineID fingerprinting
  • From: Tom Stripling
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: Brian Eaton
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: Esam Gharish
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: robert
• RE: [WEB SECURITY] MachineID fingerprinting
  • From: Billy Hoffman
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: robert
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: GadgetTrak
• [WEB SECURITY] [Mlabs-SecNiche] Bug Wars : The Lost Matrix of Security Vectors
  • From: Aditya K Sood
• RE: [WEB SECURITY] MachineID fingerprinting
  • From: Billy Hoffman
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: Brian Eaton
• Re: [WEB SECURITY] [Mlabs-SecNiche] Bug Wars : The Lost Matrix of Security Vectors
  • From: Prasad Shenoy
• [WEB SECURITY] What do security researchers want in a security disclosure policy to reduce their liability?
  • From: Andy Steingruebl
• [WEB SECURITY] Design flaw in AS3 socket handling allows port probing
  • From: fukami
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: Mike Fratto
• Re: [WEB SECURITY] MachineID fingerprinting
  • From: Andy Steingruebl
• Re: [WEB SECURITY] What do security researchers want in a security disclosure policy to reduce their liability?
  • From: Bubba Gump
• Re: [WEB SECURITY] What do security researchers want in a security disclosure policy to reduce their liability?
  • From: Mark Andrews
• [WEB SECURITY] BlackHat/Defcon 2007 Timing Stuff Released..
  • From: haroon
• [WEB SECURITY] New Oracle Forensics Paper
  • From: David Litchfield
• [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Anurag Agarwal
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Amit Klein
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: anurag . agarwal
• [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
  • From: Andre Gironda
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Brian Eaton
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Ryan Barnett
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Prasad Shenoy
• RE: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Ory Segal
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Amit Klein
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Amit Klein
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: pdp (architect)
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Jeremiah Grossman
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: andre
• RE: [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
  • From: Billy Hoffman
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: anurag . agarwal
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: anurag . agarwal
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: anurag . agarwal
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: pdp (architect)
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: pdp (architect)
• [WEB SECURITY] Facebook Homepage Source Code Probably Leaked
  • From: pdp (architect)
• [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
  • From: Harry Muchow
• [WEB SECURITY] Did webapp developers learn from Samy worm?
  • From: Anurag Agarwal
• Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
  • From: Prasad Shenoy
• Re: [WEB SECURITY] SQL Injection, ORDER BY plus DROP TABLE
  • From: Ali Soylu
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Brian Eaton
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: anurag . agarwal
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: pdp (architect)
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Gervase Markham
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: Andy Steingruebl
• Re: [WEB SECURITY] Seeking feedback on proposed security restriction in the browsers
  • From: James Landis
• [WEB SECURITY] WASC Announcement: 'WASSEC Project' Call for Participants
  • From: announcements
• Re: [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
  • From: Dean H. Saxe
• RE: [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
  • From: Billy Hoffman
• Re: [WEB SECURITY] Rough Cut of To-Be-Published Ajax Security
  • From: pdp (architect)
• [WEB SECURITY] Another Oracle Forensics Paper...
  • From: David Litchfield
• [WEB SECURITY] Know Your Enemy: Malicious Web Servers
  • From: Ryan Barnett
• [WEB SECURITY] Cenzic sues SPI Dynamics over Fault Injection
  • From: robert
• Re: [WEB SECURITY] Cenzic sues SPI Dynamics over Fault Injection
  • From: Steve Orrin
• Re: [WEB SECURITY] Cenzic sues SPI Dynamics over Fault Injection
  • From: James Landis
• Re: [WEB SECURITY] Cenzic sues SPI Dynamics over Fault Injection
  • From: Mark Andrews
• [WEB SECURITY] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
  • From: Ezequiel Gutesman
• Re: [WEB SECURITY] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
  • From: Ezequiel Gutesman
• [WEB SECURITY] CCWAPSS : a Comprehensive security scoring method
  • From: Frederic Charpentier
• [WEB SECURITY] Firefox CSS flaws
  • From: gaz_sec
• Re: [WEB SECURITY] Firefox CSS flaws
  • From: Brian Eaton
• [WEB SECURITY] Intrusion Detection with Heterogenous Sensors
  • From: Bjoern Weiland
• Re: [WEB SECURITY] Firefox CSS flaws
  • From: Michael Vergoz
• Re: [WEB SECURITY] Firefox CSS flaws
  • From: Brian Eaton
• Re: [WEB SECURITY] Firefox CSS flaws
  • From: gaz_sec
• [WEB SECURITY] WASC Announcement: 'Script Mapping Project' Call for Participants
  • From: announcements
• [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  • From: Billy Hoffman
• [WEB SECURITY] HTTP Proxy for thick clients
  • From: Huan Chi
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: bugtraq
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: haroon meer
• RE: [WEB SECURITY] HTTP Proxy for thick clients
  • From: Ofer Shezaf
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: ascii
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: Huan Chi
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: Joakim Sandström
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: haroon meer
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: Mark Andrews
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: Ryan Barnett
• [WEB SECURITY] firefox3 vuln by design?
  • From: bugtraq
• [WEB SECURITY] 24th Chaos Communication Congress 2007: Call for Participation
  • From: fukami
• Re: [WEB SECURITY] firefox3 vuln by design?
  • From: Thierry Zoller
• [WEB SECURITY] Re: HTTP Proxy for thick clients
  • From: Jeffory Atkinson
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: Shreeraj Shah
• Re: [WEB SECURITY] HTTP Proxy for thick clients
  • From: Rogan Dawes
• Re: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  • From: Daniel Veditz
• Re: [WEB SECURITY] firefox3 vuln by design?
  • From: gaz_sec
• [WEB SECURITY] How to detect XSS in an automated fashion
  • From: Travis Altman
• Re: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  • From: Daniel Veditz
• Re: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: gaz_sec
• [WEB SECURITY] Re: HTTP Proxy for thick clients
  • From: rajat swarup
• RE: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  • From: Billy Hoffman
• RE: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: gaz_sec
• RE: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: Billy Hoffman
• RE: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: gaz_sec
• Re: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: Romain Gaucher
• RE: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: gaz_sec
• Re: [WEB SECURITY] firefox3 vuln by design?
  • From: Thomas Roessler
• RE: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: Billy Hoffman
• Re: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  • From: Daniel Veditz
• Re: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: James Landis
• [WEB SECURITY] Scanning internal Lan using PHP remote file opening.
  • From: Stefano Di Paola
• [WEB SECURITY] firefox extension for looping through a form?
  • From: offset
• Re: [WEB SECURITY] How to detect XSS in an automated fashion
  • From: gaz_sec
• Re: [WEB SECURITY] firefox extension for looping through a form?
  • From: Deeþan Chakravarthy
• [WEB SECURITY] Further CSS Firefox demo
  • From: gaz_sec
• Re: [WEB SECURITY] Further CSS Firefox demo
  • From: Esam Gharish
• Re: [WEB SECURITY] Further CSS Firefox demo
  • From: gaz_sec
• Re: [WEB SECURITY] Further CSS Firefox demo
  • From: Esam Gharish
• Re: [WEB SECURITY] Further CSS Firefox demo
  • From: Joshua Ross
• Re: [WEB SECURITY] Further CSS Firefox demo
  • From: gaz_sec
• [WEB SECURITY] WHITE PAPER: For my next trick… hacking Web2.0
  • From: pdp (architect)