The Web Security Mailing List (2008 April)

• Date Index

• [WEB SECURITY] Insomnia: Whitepaper - Access Through Access, Brett Moore
• [WEB SECURITY] Fake Captcha Protection, The Burmese Hacker
  • RE: [WEB SECURITY] Fake Captcha Protection, Chris Weber \(Casaba Security\)
    • Re: [WEB SECURITY] Fake Captcha Protection, psteichen
    • Re: [WEB SECURITY] Fake Captcha Protection, Arian J. Evans
      • RE: [WEB SECURITY] Fake Captcha Protection, Bryan Sullivan
      • Re: [WEB SECURITY] Fake Captcha Protection, Bil Corry
      • Re: [WEB SECURITY] Fake Captcha Protection, Jeremiah Grossman
      • RE: [WEB SECURITY] Fake Captcha Protection, Gunter Ollmann
      • Re: [WEB SECURITY] Fake Captcha Protection, Dave Ferguson
• AW: [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9, Julian Totzek
  • Re: AW: [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9, Matthieu Estrade
• [WEB SECURITY] .NET and filter evasions, Arian J. Evans
• RE: [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9. Modest proposal..., Glenn.Everhart
• [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9, Joe White
  • RE: [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9, Stewart, Kevin G. USNUNK NAVAIR 1490 RM40
    • Re: [WEB SECURITY] Announcing the Web Application Security Roadmap v0.9, Joe White
• [WEB SECURITY] A New Class of Vulnerability in Oracle: Lateral SQL Injection, David Litchfield
• [WEB SECURITY] XSS, SQL injection vulns on non-English sites, Jim Weiler
  • RE: [WEB SECURITY] XSS, SQL injection vulns on non-English sites, Hurst, Dennis
  • Re: [WEB SECURITY] XSS, SQL injection vulns on non-English sites, Arian J. Evans
• [WEB SECURITY] thoughts on WAF deployment options?, Joe White
  • RE: [WEB SECURITY] thoughts on WAF deployment options?, Neil Correa
  • Re: [WEB SECURITY] thoughts on WAF deployment options?, Arian J. Evans
    • Re: [WEB SECURITY] thoughts on WAF deployment options?, Ryan Barnett
      • Re: [WEB SECURITY] thoughts on WAF deployment options?, Arian J. Evans
      • Re: [WEB SECURITY] thoughts on WAF deployment options?, Ryan Barnett
      • Re: [WEB SECURITY] thoughts on WAF deployment options?, Ivan Ristic
      • Re: [WEB SECURITY] thoughts on WAF deployment options?, Rafal @ IsHackingYou
    • Re: [WEB SECURITY] thoughts on WAF deployment options?, Ryan Barnett
      • Re: [WEB SECURITY] thoughts on WAF deployment options?, Arian J. Evans
  • Re: [WEB SECURITY] thoughts on WAF deployment options?, Ivan Ristic
  • Re: [WEB SECURITY] thoughts on WAF deployment options?, Adam Muntner
  • Re: [WEB SECURITY] thoughts on WAF deployment options?, Rafal @ IsHackingYou
• [WEB SECURITY] Official PCI 6.6 Guidance Released!!, Trey Ford
• [WEB SECURITY] RE: Defeating nonce/token based CSRF protection, Jeroen van Dongen
  • Re: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection, Mike Duncan
  • RE: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection, Eric Rachner
• [WEB SECURITY] Defeating nonce/token based CSRF protection, Jeroen van Dongen
  • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Daniel Papasian
  • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, planetlevel
    • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, bugtraq
    • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Arian J. Evans
  • RE: [WEB SECURITY] Defeating nonce/token based CSRF protection, Eric Rachner
  • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Ory Segal
    • RE: [WEB SECURITY] Defeating nonce/token based CSRF protection, Hoffman, Billy
    • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Mike Duncan
      • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Hong Cho
      • RE: [WEB SECURITY] Defeating nonce/token based CSRF protection, Eric Rachner
      • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Mike Duncan
      • RE: [WEB SECURITY] Defeating nonce/token based CSRF protection, Eric Rachner
      • Message not available
      • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Mike Duncan
      • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Arian J. Evans
      • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Mike Duncan
      • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Arian J. Evans
    • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Bil Corry
  • <Possible follow-ups>
  • Re: [WEB SECURITY] Defeating nonce/token based CSRF protection, Zinho
• Re: [WEB SECURITY] Open Source Code Analysis Tools, praveen kumar
• [WEB SECURITY] Web Application Security Summit in Las Vegas, Anurag Agarwal
• [WEB SECURITY] Web Application Security Awareness Day, n3td3v
• [WEB SECURITY] way to determine virtual hosts?, Travis Altman
  • Re: [WEB SECURITY] way to determine virtual hosts?, Andy Steingruebl
  • Re: [WEB SECURITY] way to determine virtual hosts?, Jeff Stebelton
  • Re: [WEB SECURITY] way to determine virtual hosts?, Nicolas
    • Re: [WEB SECURITY] way to determine virtual hosts?, Adam Muntner
      • [WEB SECURITY] Open Source Code Analysis Tools, Truxaw, Matthew
      • RE: [WEB SECURITY] Open Source Code Analysis Tools, zwell.nosec
      • Message not available
      • Re: [WEB SECURITY] Open Source Code Analysis Tools, list
      • Re: [WEB SECURITY] Open Source Code Analysis Tools, Mike Duncan
      • RE: [WEB SECURITY] Open Source Code Analysis Tools, Truxaw, Matthew
      • RE: [WEB SECURITY] Open Source Code Analysis Tools, Truxaw, Matthew
      • RE: [WEB SECURITY] Open Source Code Analysis Tools, Truxaw, Matthew
  • RE: [WEB SECURITY] way to determine virtual hosts?, Justin Townsend
  • Re: [WEB SECURITY] way to determine virtual hosts?, Paul Schmehl
    • Message not available
      • Fwd: [WEB SECURITY] way to determine virtual hosts?, Nicolas
  • <Possible follow-ups>
  • FW: [WEB SECURITY] way to determine virtual hosts?, Herbener, Martin - KETS Engineering and Management
• [WEB SECURITY] WASC Meetup @RSA pictures for those interested, Anurag Agarwal
  • Re: [WEB SECURITY] WASC Meetup @RSA pictures for those interested, Garrett Gee
• [WEB SECURITY] Classic ASP and HTTPOnly Cookies, Eric Jenko
  • RE: [WEB SECURITY] Classic ASP and HTTPOnly Cookies, Brian Shura
• [WEB SECURITY] Webappsec Vendor Directory, Arian J. Evans
• [WEB SECURITY] MITM proxies, Ontologies, and Enterprise Architecture, Christopher H Mitchell
  • [WEB SECURITY] Re: [Owasp-webscarab] MITM proxies, Ontologies, and Enterprise Architecture, Rogan Dawes
• [WEB SECURITY] Invitation - OWASP AppSec Europe May 19-22 2008 - Belgium, Sebastien Deleersnyder
• [WEB SECURITY] Attack Technique: File Download Injection, Jeff Williams
  • Re: [WEB SECURITY] Attack Technique: File Download Injection, Arian J. Evans
  • Message not available
    • RE: [WEB SECURITY] Attack Technique: File Download Injection, Jeff Williams
      • Re: [WEB SECURITY] Attack Technique: File Download Injection, Nathanael Hoyle
      • RE: [WEB SECURITY] Attack Technique: File Download Injection, Jeff Williams
      • Re: [WEB SECURITY] Attack Technique: File Download Injection, Amit Klein
• [WEB SECURITY] weak ssl ciphers, Travis Altman
  • [WEB SECURITY] Re: [Webappsec] weak ssl ciphers, Tim
  • [WEB SECURITY] Re: [Webappsec] weak ssl ciphers, Arian J. Evans
• [WEB SECURITY] Vulnerabilities in kses-based HTML filters, lpilorz