The Web Security Mailing List (2008 June)

Date Index

[WEB SECURITY] Stanford Emerging Threats and Defenses Symposium, Neil Daswani
[WEB SECURITY] ICANN Approves new top-level domains, robert
- Re: [WEB SECURITY] ICANN Approves new top-level domains, romain
- Message not available
  - Re: [WEB SECURITY] ICANN Approves new top-level domains, kuza55
[WEB SECURITY] OWASP 2008 USA, NYC, Tom Brennan
[WEB SECURITY] Security testing, Syed Kabeer Ahmed
- RE: [WEB SECURITY] Security testing, Spires, Bucky
  - Re: [WEB SECURITY] Security testing, Bil Corry
[WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
- RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Michael S. Menefee
  - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Bryan Sullivan
    - RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
    - RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Michael S. Menefee
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Rafal @ IsHackingYou
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Rafal @ IsHackingYou
    - RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, kuza55
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Oliver Lavery
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Mark Roxberry
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, romain
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - Message not available
    - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Zinho
  - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Curt Wilson
- Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Sven Vetsch / Disenchant
  - RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
    - RE: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Chris Eng
  - Re: [WEB SECURITY] Announcing Scrawlr: SQL Injector and Crawler, Paul Schmehl
[WEB SECURITY] Troll post to the WASC list using my name, Arian J. Evans
Re: [WEB SECURITY] Hashing and entropy, Oliver Lavery
- Re: [WEB SECURITY] Hashing and entropy, Bil Corry
- RE: [WEB SECURITY] Hashing and entropy, Martin O'Neal
- Re: [WEB SECURITY] Hashing and entropy, Nathanael Hoyle
  - Re: [WEB SECURITY] Hashing and entropy, Amit Klein
- Re: [WEB SECURITY] Hashing and entropy, Michel Arboi
  - RE: [WEB SECURITY] Hashing and entropy, Lavery, Oliver
- <Possible follow-ups>
- RE: [WEB SECURITY] Hashing and entropy, Glenn.Everhart
  - RE: [WEB SECURITY] Hashing and entropy, Lavery, Oliver
    - RE: [WEB SECURITY] Hashing and entropy, Martin O'Neal
    - Re: [WEB SECURITY] Hashing and entropy, Nathanael Hoyle
    - RE: [WEB SECURITY] Hashing and entropy, Lavery, Oliver
    - Message not available
    - RE: [WEB SECURITY] Hashing and entropy, Lavery, Oliver
[WEB SECURITY] Re: [Full-disclosure] The Extended HTML Form attack revisited, kuza55
- [WEB SECURITY] Re: [Full-disclosure] The Extended HTML Form attack revisited, Sandro Gauci
[WEB SECURITY] Save the date- Breach Security, OWASP & WASC Cocktail party at BlackHat 08, Heather Cason
[WEB SECURITY] The Extended HTML Form attack revisited, Sandro Gauci
- RE: [WEB SECURITY] The Extended HTML Form attack revisited, Michael S. Menefee
  - Re: [WEB SECURITY] The Extended HTML Form attack revisited, Sandro Gauci
[WEB SECURITY] JavaScript Code Flow Manipulation & Adobe Flex 3 DOM-based XSS Vulnerability, Ory Segal
[Fwd: Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?], Michele Orru'
[WEB SECURITY] username & pw in clear-text through SSL considered safe?, wilke rodriquez
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Christian Frichot
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Michele Orru'
  - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
  - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Michele Orru'
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Michele Orru'
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
  - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Josh Amishav-Zlatin
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Bil Corry
  - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Licky Lindsay
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Dinis Cruz
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, James Landis
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Bil Corry
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Mike Fratto
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Bil Corry
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Paul Schmehl
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Mike Fratto
  - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Mike Fratto
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Mike Fratto
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Rohit Lists
  - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Rohit Lists
  - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, wilke rodriquez
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Chris Varenhorst
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Christian Frichot
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Nathanael Hoyle
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Oliver Lavery
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, James Landis
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Albert Lunde
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Alex Stamos
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Oliver Lavery
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Rafal @ IsHackingYou.com
    - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Arian J. Evans
- <Possible follow-ups>
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, jfvanmeter
  - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, James Landis
    - Message not available
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, James Landis
  - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Michele Orru'
  - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Mike Fratto
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Paul Schmehl
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Licky Lindsay
  - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Smolsky, Shawn J
  - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Martin O'Neal
- RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Tom Stripling
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, jfvanmeter
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Lavery, Oliver
- Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Oliver Lavery
  - RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Alex Stamos
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, James Landis
    - Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?, Arian J. Evans
    - [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Lavery, Oliver
    - Re: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Evan Arians
    - Re: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Arian J. Evans
    - Re[2]: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Thierry Zoller
    - Re: Re[2]: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Rohit Lists
    - RE: Re[2]: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Dave Sanford
    - Re: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), ascii
    - RE: [WEB SECURITY] Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Martin O'Neal
    - Message not available
    - [WEB SECURITY] Javascript Malware, Mailvaganam, Hari
    - Re: [WEB SECURITY] Javascript Malware, Bil Corry
    - RE: [WEB SECURITY] Javascript Malware, Bemis,Brian M
[WEB SECURITY] LifeCycleSecurity Conference 2008 - Call for Presentations, Dennis Hurst
[WEB SECURITY] ASP.NET 3.5 Request Validation, Michael S. Menefee
- RE: [WEB SECURITY] ASP.NET 3.5 Request Validation, Eric Rachner
  - RE: [WEB SECURITY] ASP.NET 3.5 Request Validation, Michael S. Menefee
    - RE: [WEB SECURITY] ASP.NET 3.5 Request Validation, Mark Roxberry
[WEB SECURITY] ModSecurity Session Fixation rules, Michele Orru'
- Re: [WEB SECURITY] ModSecurity Session Fixation rules, Ryan Barnett
[WEB SECURITY] HTTP cache poisoning via Host header injection, Carlos
- Re: [WEB SECURITY] HTTP cache poisoning via Host header injection, Amit Klein
  - RE: [WEB SECURITY] HTTP cache poisoning via Host header injection, Michael S. Menefee
  - RE: [WEB SECURITY] HTTP cache poisoning via Host header injection, Michael S. Menefee
    - Re: [WEB SECURITY] HTTP cache poisoning via Host header injection, Amit Klein
    - Re: [WEB SECURITY] HTTP cache poisoning via Host header injection, Amit Klein
    - Re: [WEB SECURITY] HTTP cache poisoning via Host header injection, Bil Corry
    - Re: [WEB SECURITY] HTTP cache poisoning via Host header injection, Ivan Ristic
    - Re: [WEB SECURITY] HTTP cache poisoning via Host header injection, Bil Corry
[WEB SECURITY] Certification CEH, CPT or SANS GIAC GPEN, Katie Riley
- RE: [WEB SECURITY] Certification CEH, CPT or SANS GIAC GPEN, Jenkinson, John P (SAIC)
  - Re: [WEB SECURITY] Certification CEH, CPT or SANS GIAC GPEN, Shyaam
    - RE: [WEB SECURITY] Certification CEH, CPT or SANS GIAC GPEN, Mark Roxberry
    - RE: [WEB SECURITY] Certification CEH, CPT or SANS GIAC GPEN, Jenkinson, John P (SAIC)
[WEB SECURITY] Vulnerability Disclosure in University, Michele Orru'
- RE: [WEB SECURITY] Vulnerability Disclosure in University, steve jensen
  - Re: [WEB SECURITY] Vulnerability Disclosure in University, Michele Orru'
[WEB SECURITY] XSS Script, Feroz Salman
- Re: [WEB SECURITY] XSS Script, Mike Duncan
- Re: [WEB SECURITY] XSS Script, Glafkos - InfoSEC \(Information Security Uncensored\)
[WEB SECURITY] http header or javascript, application.secure application.secure
- Re: [WEB SECURITY] http header or javascript, Marcin Wielgoszewski
  - Message not available
    - Re: [WEB SECURITY] http header or javascript, Marcin Wielgoszewski
  - RE: [WEB SECURITY] http header or javascript, Martin O'Neal
  - RE: [WEB SECURITY] http header or javascript, Johnson, Eric
[WEB SECURITY] CSRF Help, GsNaseer Gs
- Re: [WEB SECURITY] CSRF Help, Bipin Upadhyay
- Re: [WEB SECURITY] CSRF Help, bugtraq
- Re: [WEB SECURITY] CSRF Help, Neil Daswani
- Re: [WEB SECURITY] CSRF Help, Zinho
- Re: [WEB SECURITY] CSRF Help, Arian J. Evans
  - Re: [WEB SECURITY] CSRF Help, Rimantas Liubertas
[WEB SECURITY] XSS Help, GsNaseer Gs
- Re: [WEB SECURITY] XSS Help, romain
- Re: [WEB SECURITY] XSS Help, Mike Duncan
- Re: [WEB SECURITY] XSS Help, Ryan Barnett
  - RE: [WEB SECURITY] XSS Help, Hoffman, Billy
[WEB SECURITY] HTTP Verb Tampering for Dummies, Arian J. Evans
- RE: [WEB SECURITY] HTTP Verb Tampering for Dummies, Arshan Dabirsiaghi
  - Re: [WEB SECURITY] HTTP Verb Tampering for Dummies, Adam Muntner
    - RE: [WEB SECURITY] HTTP Verb Tampering for Dummies, Arshan Dabirsiaghi
    - Re: [WEB SECURITY] HTTP Verb Tampering for Dummies, Arian J. Evans
    - Re: [WEB SECURITY] HTTP Verb Tampering for Dummies, Jeff Robertson
    - Re: [WEB SECURITY] HTTP Verb Tampering for Dummies, Oliver Lavery
    - Re: [WEB SECURITY] HTTP Verb Tampering for Dummies, Jeff Robertson
    - Re: [WEB SECURITY] HTTP Verb Tampering for Dummies, Jeff Robertson
[WEB SECURITY] AccessMe Tool Now Available, Oliver Lavery
- Re: [WEB SECURITY] AccessMe Tool Now Available, Andre Gironda
[WEB SECURITY] question about anti-xss applicability of PHP's htmlentities(), Eric Stein
- Re: [WEB SECURITY] question about anti-xss applicability of PHP's htmlentities(), Marcin Wielgoszewski
[WEB SECURITY] Knowing what's plugged-in?, Jon Kibler
- Re: [WEB SECURITY] Knowing what's plugged-in?, Bil Corry
[WEB SECURITY] Testing Microsoft Smart Clients [may be OT], Prasad Shenoy
[WEB SECURITY] quick question on password reset 'best practices', Joe White
- RE: [WEB SECURITY] quick question on password reset 'best practices', White, Dain P
- Re: [WEB SECURITY] quick question on password reset 'best practices', Rafal @ IsHackingYou
- Re: [WEB SECURITY] quick question on password reset 'best practices', Stephen de Vries
- Re: [WEB SECURITY] quick question on password reset 'best practices', James Landis
- Re: [WEB SECURITY] quick question on password reset 'best practices', Jeremiah Grossman
  - RE: [WEB SECURITY] quick question on password reset 'best practices', White, Dain P
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Jeremiah Grossman
    - Re: [WEB SECURITY] quick question on password reset 'best practices', bugtraq
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Sebastian Schinzel
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Jeremiah Grossman
    - RE: [WEB SECURITY] quick question on password reset 'best practices', Martin O'Neal
    - Message not available
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Jeremiah Grossman
    - RE: [WEB SECURITY] quick question on password reset 'best practices', Martin O'Neal
    - Message not available
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Marcin Wielgoszewski
    - Message not available
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Sebastian Schinzel
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Pete Herzog
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Stephen de Vries
    - Re: [WEB SECURITY] quick question on password reset 'best practices', Jeremiah Grossman
  - Re: [WEB SECURITY] quick question on password reset 'best practices', Rafal @ IsHackingYou.com
- <Possible follow-ups>
- Re: [WEB SECURITY] quick question on password reset 'best practices', Colin Watson
  - Re: [WEB SECURITY] quick question on password reset 'best practices', Pete Herzog
- Re: [WEB SECURITY] quick question on password reset 'best practices', Colin Watson
  - Re: [WEB SECURITY] quick question on password reset 'best practices', Arian J. Evans
RE: [WEB SECURITY] Question about escaping strings in javascript, Chris Weber \(Casaba Security\)
- <Possible follow-ups>
- Re: [WEB SECURITY] Question about escaping strings in javascript, Arian J. Evans
  - Re: [WEB SECURITY] Question about escaping strings in javascript, Evert | Collab

Brought to you by http://www.webappsec.org
Search this site