Web App Security Mailing List

Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

List Archives

Posts per quarter, by year:

Year   Jan–Mar  Apr–Jun  Jul–Sep  Oct–Dec
2014        21       13        6
2013        19       16       35        7
2012        38       28       23       41
2011        52       62       46       28
2010        53       48       51       63
2009        88       82       52       37
2008        88       68       72       45
2007        82       67       41       84
2006       431      451      317      127
2005       518      290      622      519
2004       355      486      635      509
2003       332      277      308      201
2002                                  304

Latest Posts

Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Sep 01)
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
technologies such as HTML5/DOM/JavaScript/AJAX.

The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even...

IJDSN - Special Issue on Research Advances in Security and Privacy for Smart Cities Georgios Kambourakis (Aug 08)
International Journal of Distributed Sensor Networks (IF 0.923)
Special Issue on Research Advances in Security and Privacy for Smart Cities

*** SUBMISSION DEADLINE EXTENDED TO Sept. 19, 2014 ***

Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly concerned with the prevention of crime and the
facilitation of services provided to...

nullcon CFP is open nullcon (Aug 07)
Dear Security Gurus,

6th year | CFP opens on 6th Aug 2014 | conference on 6th Feb 2015.

Welcome to nullcon 666! Bring out the beast in you.
http://en.wikipedia.org/wiki/666_(number)

We are happy to open the CFP. Time to tickle your gray cells and
submit your research.
Training: 4th-5th Feb 2015
Conference: 6th-7th Feb 2015

CFP 666
=======
Website - http://nullcon.net

Submit under any of the below options
Papers (40 mins - 1 hr)
Events...

6 new vulnerabilities Mark Litchfield123 (Jul 29)
I have released details of six new Bug Bounty vulnerabilities, 5 of
which resulted in total payouts of $33,217.00. Usual write-ups with
step-by-step screenshots detailed.

I have chosen to move the content from securatary.com to now be hosted
on https://www.uzbey.com/bbp-funding; the reasons for doing so are
listed on http://www.securatary.com/vulnerabilities

I will follow up over the next couple of days with some more.

All the best

Mark...

Ruxcon 2014 Final Call For Presentations cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

IJDSN SI on Research Advances in Security and Privacy for Smart Cities Georgios Kambourakis (Jul 13)
*Deadline is approaching*

International Journal of Distributed Sensor Networks (Impact factor: 0.727)
*Special Issue on Research Advances in Security and Privacy for Smart
Cities*
Online version of CFP: http://www.hindawi.com/journals/ijdsn/si/239803/cfp/

Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly concerned with the...

t2'14: Call for Papers 2014 (Helsinki / Finland) Tomi Tuominen (May 19)
#
# t2'14 - Call For Papers (Helsinki, Finland) - October 23 - 24, 2014
#

Do you feel like Las Vegas is too hot, Berlin too bohème, Miami too humid, Singapore too clean and Pattaya just totally
confusing? No worries! Helsinki will be the perfect match for you: guaranteed low temperature, high tech and just
enough regulation to make everything appear to be under control. This is the country where indestructible mobile phone
and Linux...

Re: Worst news story I have ever read Mark Litchfield (May 17)
Update - SCMagazine (Steve Gold) has kindly removed the story. Thank you.

Also thanks to everyone that responded directly to me.

All the best

Mark

Worst news story I have ever read Mark Litchfield (May 16)
Worst article I have ever read, would expect a lot better from SC
Magazine. At least understand what you are writing about!!

http://www.scmagazineuk.com/make-money-from-paypal--but-not-legally/article/347142/

"Mark Litchfield, a researcher with Securatary, meanwhile, says he has
spotted a similar scam which appears to offers access to PayPal's
PayFlow gateway" - When he uses the word scam, he is suggesting my
attack is...

Re: PayPal Manager Admin Account Hijack Daniel Kester (May 16)
Now that I think about it, we should make sure the WAFs are filtering this.

PayPal Manager Admin Account Hijack Mark Litchfield (May 15)
Hi All,

I have just released a new vulnerability at
http://www.securatary.com/vulnerabilities outlining a hack on
http://manager.paypal.com that in the end allowed full admin access.

PayPal were very quick to fix this issue, so nice job PayPal Security /
Engineering team.

Breakpoint 2014 Call For Presentations cfp (May 07)
Breakpoint 2014 Call For Papers
Melbourne, Australia, October 8th-9th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2014.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Ruxcon 2014 Call For Papers cfp (May 05)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon brings together the individual talents of the best and brightest security
folk in the...

SpiderFoot 2.1.4 released Steve Micallef (Apr 29)
Hi all,

SpiderFoot 2.1.4 is now available, and will be the last enhancement
release on the 2.1 branch as I focus on 2.2. SpiderFoot is an open
source footprinting and intelligence gathering tool, written in Python,
that runs on Linux, *BSD and Windows.

Since 2.1.0 was announced here in January, the following enhancements
have been implemented:

- Integration with:
- SHODAN
- VirusTotal
- AlienVault IP Reputation DB
-...

OWASP ZAP 2.3.0 psiinon (Apr 10)
Hi folks,

OWASP ZAP 2.3.0 is now available:
http://code.google.com/p/zaproxy/wiki/Downloads?tm=2

Quick summary of the main changes:

* A ZAP 'lite' version in addition to the existing 'full' version
* View, intercept, manipulate, resend and fuzz client-side (browser) events
* Enhanced authentication support
* Support for non standard apps
* Input Vector scripts
* Scan policy - fine grained control
* Advanced Scan dialog
*...

More Lists

Dozens of other network security lists are archived at SecLists.Org.