The Web Security Mailing List (2009 May)

• Date Index

• [WEB SECURITY] CFP 26C3 / 26th Chaos Communication Congress, fukami
• [WEB SECURITY] URL Hiding - new method of URL Spoofing attacks, MustLive
• [WEB SECURITY] New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln, Steve Friedl
  • Re: [WEB SECURITY] New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln, Bruce Peifer
• [WEB SECURITY] SPNEGO based Kerberos with an HTTP proxy, Prasad Shenoy
• [WEB SECURITY] Damn Vulnerable Web App, Ryan Dewhurst
  • Re: [WEB SECURITY] Damn Vulnerable Web App, Stephan Wehner
  • <Possible follow-ups>
  • Re: [WEB SECURITY] Damn Vulnerable Web App, MustLive
    • Re: [WEB SECURITY] Damn Vulnerable Web App, Thrynn
      • Re: [WEB SECURITY] Damn Vulnerable Web App, Steven M. Christey
      • Re: [WEB SECURITY] Damn Vulnerable Web App, MustLive
      • Re: [WEB SECURITY] Damn Vulnerable Web App, MustLive
  • Re: [WEB SECURITY] Damn Vulnerable Web App, MustLive
    • Re: [WEB SECURITY] Damn Vulnerable Web App, Richard Moore
    • Re: [WEB SECURITY] Damn Vulnerable Web App, Stephan Wehner
• [WEB SECURITY] OWASP PCI Project Introduction, Trey Ford
• [WEB SECURITY] RE: Recommendation for web app scanner, Brian Shura
• [WEB SECURITY] Security Testing of Stand-Alone Apps, Arun Sundaresh
  • RE: [WEB SECURITY] Security Testing of Stand-Alone Apps, Eric Rachner
  • Re: [WEB SECURITY] Security Testing of Stand-Alone Apps, Dinis
    • Re: [WEB SECURITY] Security Testing of Stand-Alone Apps, Dharmesh Mehta
      • Re: [WEB SECURITY] Security Testing of Stand-Alone Apps, Michael J. Condon
  • Re: [WEB SECURITY] Security Testing of Stand-Alone Apps, Christian Frichot
• [WEB SECURITY] WebTuff - IIS 6.0 WebDAV Authentication Bypass Exploit in Python, Raviv Raz
• [WEB SECURITY] Pretty-Bad-Proxy: An Overlooked Adversary in Browsers HTTPS Deployments, robert
  • RE: [WEB SECURITY] Pretty-Bad-Proxy: An Overlooked Adversary in Browsers HTTPS Deployments, Hoffman, Billy
  • Re: [WEB SECURITY] Pretty-Bad-Proxy: An Overlooked Adversary in Browsers HTTPS Deployments, Paul Johnston
    • Re: [WEB SECURITY] Pretty-Bad-Proxy: An Overlooked Adversary in Browsers HTTPS Deployments, Sam Quigley
• [WEB SECURITY] Re: FW: HTTP Parameter Pollution, Luca . carettoni
• [WEB SECURITY] HTTP Parameter Pollution Faq and Video PoC, Stefano Di Paola
• [WEB SECURITY] FireFox Plug-Ins attacking other FireFox Plug-Ins?, Joe White
• [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500, Trustwave Advisories
  • Re: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500, robert
  • <Possible follow-ups>
  • Re: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500, MustLive
• [WEB SECURITY] Re: HTTP Parameter Pollution, Stephen de Vries
  • <Possible follow-ups>
  • RE: [WEB SECURITY] Re: HTTP Parameter Pollution, Martin O'Neal
  • RE: [WEB SECURITY] Re: HTTP Parameter Pollution, Stefano Di Paola
  • Re: [WEB SECURITY] Re: HTTP Parameter Pollution, Mostafa Siraj
  • RE: [WEB SECURITY] Re: HTTP Parameter Pollution, Martin O'Neal
  • RE: [WEB SECURITY] Re: HTTP Parameter Pollution, Martin O'Neal
  • RE: [WEB SECURITY] Re: HTTP Parameter Pollution, Stefano Di Paola
• [WEB SECURITY] HTTP Parameter Pollution, Stefano Di Paola
  • [WEB SECURITY] Re: HTTP Parameter Pollution, Ryan Barnett
    • Re: [WEB SECURITY] Re: HTTP Parameter Pollution, Stefano Di Paola
    • Re: [WEB SECURITY] Re: HTTP Parameter Pollution, Ivan Ristic
  • Re: [WEB SECURITY] HTTP Parameter Pollution, bugtraq
    • Re: [WEB SECURITY] HTTP Parameter Pollution, Stefano Di Paola
  • Message not available
    • Message not available
      • [WEB SECURITY] Re: HTTP Parameter Pollution, Stefano Di Paola
  • Re: [WEB SECURITY] HTTP Parameter Pollution, Mostafa Siraj
    • Re: [WEB SECURITY] HTTP Parameter Pollution, Stefano Di Paola
  • [WEB SECURITY] Re: HTTP Parameter Pollution, Ivan Ristic
    • [WEB SECURITY] Re: HTTP Parameter Pollution, Stefano Di Paola
      • [WEB SECURITY] Re: HTTP Parameter Pollution, Ivan Ristic
      • [WEB SECURITY] Re: HTTP Parameter Pollution, Stefano Di Paola
      • [WEB SECURITY] Re: HTTP Parameter Pollution, Ivan Ristic
      • [WEB SECURITY] Re: HTTP Parameter Pollution, Stefano Di Paola
  • Message not available
    • [WEB SECURITY] Re: FW: HTTP Parameter Pollution, Marco Mella
• [WEB SECURITY] Yahoo Groups Voting Vulnerabilities, Mostafa Siraj
• [WEB SECURITY] Joomla! Vulnerability Scanner May 09 Update Release, 7Lyrix
• Re: [WEB SECURITY] Database Security assessment, Praveen Nallasamy
  • Re: [WEB SECURITY] Database Security assessment, Praveen Nallasamy
  • Re: [WEB SECURITY] Database Security assessment, Mike Duncan
  • <Possible follow-ups>
  • Re: [WEB SECURITY] Database Security assessment, Arian J. Evans
    • Re: [WEB SECURITY] Database Security assessment, Paul Johnston
      • Re: [WEB SECURITY] Database Security assessment, Stephen Cook
      • Re: [WEB SECURITY] Database Security assessment, Arian J. Evans
      • RE: [WEB SECURITY] Database Security assessment, Lewis, Ron
  • Re: [WEB SECURITY] Database Security assessment, Lewis, Ron
  • RE: [WEB SECURITY] Database Security assessment, Matt Fisher
    • RE: [WEB SECURITY] Database Security assessment, Amichai Shulman
      • Re: [WEB SECURITY] Database Security assessment, Jim Manico
      • Re: [WEB SECURITY] Database Security assessment, Morrow Long
      • RE: [WEB SECURITY] Database Security assessment, Amichai Shulman
      • Re: [WEB SECURITY] Database Security assessment, Michael J. Condon
      • Re: [WEB SECURITY] Database Security assessment, Paul Johnston
• [WEB SECURITY] Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing, Aditya K Sood
• Re: [WEB SECURITY] Classification of SQL Injection vulnerabilities, MustLive
  • Re: [WEB SECURITY] Classification of SQL Injection vulnerabilities, Justin Clarke
    • Re: [WEB SECURITY] Classification of SQL Injection vulnerabilities, Joe Teff
  • Re: [WEB SECURITY] Classification of SQL Injection vulnerabilities, ascii
  • Re: [WEB SECURITY] Classification of SQL Injection vulnerabilities, darky
  • <Possible follow-ups>
  • Re: [WEB SECURITY] Classification of SQL Injection vulnerabilities, Arian J. Evans
• [WEB SECURITY] [TOOL] moth - vulnerable web application vmware, Andres Riancho
  • Re: [WEB SECURITY] [TOOL] moth - vulnerable web application vmware, romain
• [WEB SECURITY] New Browser Security Paper: Why Silent Updates Boost Security, Stefan Frei
• [WEB SECURITY] Gap analysis of application security in Struts2, Arshan Dabirsiaghi
• [WEB SECURITY] A simple question, application.secure application.secure
  • Re: [WEB SECURITY] A simple question, Craig Ingram
• [WEB SECURITY] [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks, Aditya K Sood
• [WEB SECURITY] Web App Security, Testing Checklist, Protecting Passwords, Paul Johnston
• [WEB SECURITY] URL Spoofing vulnerabilities in browsers and search engines, MustLive
  • <Possible follow-ups>
  • Re: [WEB SECURITY] URL Spoofing vulnerabilities in browsers and search engines, MustLive
• RE: [WEB SECURITY] FBController - (Facebook Control Utility) version 1.0, Arshan Dabirsiaghi
  • RE: [WEB SECURITY] FBController - (Facebook Control Utility) version 1.0, QUAKER DOOMER
  • <Possible follow-ups>
  • RE: [WEB SECURITY] FBController - (Facebook Control Utility) version 1.0, QUAKER DOOMER
• [WEB SECURITY] New WebApp security paper: Anti-fraud Image Solutions, WebAppSec
• Re: [WEB SECURITY] URL Spoofing vulnerability in bots of search engines #2, MustLive