Web App Security Mailing List

Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

List Archives

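Year: Jan–Mar, Apr–Jun, Jul–Sep, Oct–Dec
2014: 21, 13, 8
2013: 19, 16, 35, 7
2012: 38, 28, 23, 41
2011: 52, 62, 46, 28
2010: 53, 48, 51, 63
2009: 88, 82, 52, 37
2008: 88, 68, 72, 45
2007: 82, 67, 41, 84
2006: 431, 451, 317, 127
2005: 518, 290, 622, 519
2004: 355, 486, 635, 509
2003: 332, 277, 308, 201
2002: 304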

Latest Posts

OWASP Xenotix XSS Exploit Framework v6 Released Ajin Abraham (Sep 15)
Hi All,
Xenotix provides Zero False Positive XSS Detection by
performing the Scan within the browser engines where, in the real world,
payloads get reflected. Xenotix Scanner Module is incorporated with 3
intelligent fuzzers to reduce the scan time and produce better
results. If you really don't like the tool logic, then leverage the
power of Xenotix API to make the tool work like you wanted it to be.

See What's new!...

t2’14 Challenge to be released 2014-09-13 10:00 EEST Tomi Tuominen (Sep 07)
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most
prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications
stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.

Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis...

Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Sep 01)
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
technologies such as HTML5/DOM/JavaScript/AJAX.

The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even...

IJDSN - Special Issue on Research Advances in Security and Privacy for Smart Cities Georgios Kambourakis (Aug 08)
International Journal of Distributed Sensor Networks (IF 0.923)
Special Issue on Research Advances in Security and Privacy for Smart Cities

*** SUBMISSION DEADLINE EXTENDED TO Sept. 19, 2014 ***

Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly concerned with the prevention of crime and the
facilitation of services provided to...

nullcon CFP is open nullcon (Aug 07)
Dear Security Gurus,

6th year | CFP opens on 6th Aug 2014 | conference on 6th Feb 2015.

Welcome to nullcon 666! Bring out the beast in you.
http://en.wikipedia.org/wiki/666_(number)

We are happy to open the CFP. Time to tickle your gray cells and
submit your research.
Training: 4th-5th Feb 2015
Conference: 6th-7th Feb 2015

CFP 666
=======
Website - http://nullcon.net

Submit under any of the below options
Papers (40 mins - 1 hr)
Events...

6 new vulnerabilities Mark Litchfield123 (Jul 29)
I have released details of six new Bug Bounty vulnerabilities, 5 of
which resulted in total payouts of $33,217.00 Usual write ups with step
by step screen shots detailed.

I have chosen to move the content from securatary.com to now be hosted
on https://www.uzbey.com/bbp-funding the reasons for doing so are
listed on http://www.securatary.com/vulnerabilities

I will follow up over the next couple of days with some more.

All the best

Mark...

Ruxcon 2014 Final Call For Presentations cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

IJDSN SI on Research Advances in Security and Privacy for Smart Cities Georgios Kambourakis (Jul 13)
*Deadline is approaching*

International Journal of Distributed Sensor Networks (Impact factor: 0.727)
*Special Issue on Research Advances in Security and Privacy for Smart
Cities*
Online version of CFP: http://www.hindawi.com/journals/ijdsn/si/239803/cfp/

Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly concerned with the...

t2'14: Call for Papers 2014 (Helsinki / Finland) Tomi Tuominen (May 19)
#
# t2'14 - Call For Papers (Helsinki, Finland) - October 23 - 24, 2014
#

Do you feel like Las Vegas is too hot, Berlin too bohème, Miami too humid, Singapore too clean and Pattaya just totally
confusing? No worries! Helsinki will be the perfect match for you – guaranteed low temperature, high tech and just
enough regulation to make everything appear to be under control. This is the country where indestructible mobile phone
and Linux...

Re: Worst news story I have ever read Mark Litchfield (May 17)
Update - SCMagazine (Steve Gold) has kindly removed the story. Thank you.

Also thanks to everyone that responded directly to me.

All the best

Mark

Worst news story I have ever read Mark Litchfield (May 16)
Worst article I have ever read, would expect a lot better from SC
Magazine. At least understand what you are writing about !!

http://www.scmagazineuk.com/make-money-from-paypal--but-not-legally/article/347142/

"Mark Litchfield, a researcher with Securatary, meanwhile, says he has
spotted a similar scam which appears to offers access to PayPal's
PayFlow gateway" - When he uses the word scam, he is suggesting my
attack is...

Re: PayPal Manager Admin Account Hijack Daniel Kester (May 16)
Now that I think about it, we should make sure the WAFs are filtering this.

---end quoted text---

PayPal Manager Admin Account Hijack Mark Litchfield (May 15)
Hi All,

I have just released a new vulnerability at
http://www.securatary.com/vulnerabilities outlining a hack on
http://manager.paypal.com that in the end allowed full admin access.

PayPal were very quick to fix this issue, so nice job PayPal Security /
Engineering team

Breakpoint 2014 Call For Presentations cfp (May 07)
Breakpoint 2014 Call For Papers
Melbourne, Australia, October 8th-9th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2014.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Ruxcon 2014 Call For Papers cfp (May 05)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon brings together the individual talents of the best and brightest security
folk in the...

More Lists

Dozens of other network security lists are archived at SecLists.Org.