Web App Security Mailing List

Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

List Archives

Year   Jan–Mar   Apr–Jun   Jul–Sep   Oct–Dec
2012        38        10
2011        52        62        46        28
2010        53        48        51        63
2009        88        82        52        37
2008        88        68        72        45
2007        82        67        41        84
2006       431       451       317       127
2005       518       290       622       519
2004       355       486       635       509
2003       332       277       308       201
2002                                     304

Latest Posts

hydra and HTTP NTLM Robin Wood (May 23)
Anyone know how to use the new HTTP NTLM feature in Hydra? I'm trying
to brute force an MS FrontPage login which only asks for
authentication when the OPTIONS method is used, as far as I can tell.

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus...

t2'12: Call for Papers 2012 (Helsinki / Finland) Tomi Tuominen (May 14)
# t2'12 - Call For Papers #
Helsinki, Finland
October 25 - 26, 2012

We are pleased to announce the annual t2'12 infosec conference, which
will take place in Helsinki, Finland, from October 25 to 26, 2012.

We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...

A survey on web application attacks Hannes Holm (May 14)
Hi webappsec subscribers,

I am researching the domain consensus regarding the effectiveness of different web application firewalls (WAFs) and
would be glad if you could spare a few minutes of your time to answer a survey on the topic.

By completing this survey you will:

* Help build valuable domain consensus on the topic of WAF effectiveness.
* Be able to compare your answers to the answers of others.
* Have the chance to win a 100 USD...

Abusing Password Managers with XSS mastah yeti (Apr 25)
New post on abusing password managers through xss.
http://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/

[HITB-Announce] HITB Magazine Issue 008 (now with print edition!) Hafez Kamal (Apr 23)
The 8th issue of the HITB Quarterly Magazine is now available for download!

http://magazine.hitb.org/

This edition is a little bit 'lighter' than previous issues as the
editorial team is busy working on an extra special release for our 10th
year anniversary conference in October, HITBSecConf2012 - Malaysia.

http://conference.hitb.org/hitbsecconf2012kul/

For the first time ever though, we're making print editions of the
magazine...

Ruxcon 2012 Call For Papers cfp (Apr 20)
Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012 annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of July.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in Australia. The conference aims to bring...

Passwords^12 : Call for Presentations Per Thorsheim (Apr 18)
For the third time I am happy to announce a Call for Presentations for
Passwords^12.

Passwords^12 will be held at the University of Oslo (Norway) on December
3-4, 2012. The 2-day conference will be free and open for anyone to
attend. Please do note that our primary audience will be academics and
security professionals with deep technical knowledge. This is a
conference with international speakers and participants, presenting
fresh ideas and...

winAUTOPWN v3.0 Released QUAKER DOOMER (Apr 18)
Dear all,

This is to announce the release of winAUTOPWN version 3.0

The improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a
Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend.
C4 - WAST gives users the freedom to select individual exploits and use them.

A complete list of all Exploits in winAUTOPWN is available inside MISC\CHANGELOG.TXT
A complete list of User Interface...

SEC Consult whitepaper :: The Source Is A Lie SEC Consult Vulnerability Lab (Apr 18)
SEC Consult Vulnerability Lab released a new whitepaper titled:
"The Source Is A Lie"

Abstract:
---------
Backdoors have always been a concern of the security community. In
recent years the idea of not trusting the developer has gained momentum
and manifested itself in various forms of source code review. For Java,
being one of the most popular programming languages, numerous tools and
papers have been written to help during reviews....

OWASP ZAP 1.4.0 released psiinon (Apr 08)
Hi folks,

I'm very pleased to announce that version 1.4.0 of the OWASP Zed
Attack Proxy (ZAP) has now been released.

This release adds the following main features:
* Syntax highlighting
* fuzzdb integration
* Parameter analysis
* Enhanced XSS scanner
* A port of some of the Watcher checks
* Plugable extensions

And a load of bugfixes!

For more information and to download this release please visit the ZAP
homepage:...

Re: Time based Blind SQL injection martin . mngoma (Mar 30)
Hi guys

Just off the topic, can any of you help me.

I need a vulnerability scanner that can scan WCF web services (Silverlight technologies) as Acunetix does not support
WCF yet.

All help will be appreciated

Thanks
Martin
Sent from my BlackBerry® wireless device

-----Original Message-----
From: Yiannis Koukouras <ikoukouras () gmail com>
Sender: listbounce () securityfocus com
Date: Thu, 29 Mar 2012 21:04:00
To: Danux<danuxx ()...

Re: Time based Blind SQL injection Yiannis Koukouras (Mar 29)
So, the only difference, from other tools out there, is the support of TAB(%09)?

Am I missing something?

Thanks for sharing! :)

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---


Re: Time based Blind SQL injection Yiannis Koukouras (Mar 29)
Cool, I just wanted to be sure I didn't miss anything else...

Again thanx for sharing! :)

Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras


winAUTOPWN v2.9 - As [ C4 - WAST ] QUAKER DOOMER (Mar 21)
Dear all,

It has been more than 3 YEARS since the first version of winAUTOPWN.
This is to announce the release of winAUTOPWN version 2.9

This version introduces an improved GUI extension - WINAUTOPWN ACTIVE SYSTEMS
TRANSGRESSOR GUI [ C4 - WAST ]
C4 - WAST gives the user the freedom to select individual exploits and use them.
Note that the legacy winAUTOPWN feature to fire all exploits available for open ports
discovered is still present and has...

Re: FBController - (Facebook Control Utility) version 4.0 { With 0-DAY Features } Alex (Mar 15)
You probably should purchase an ad if you're going to try to sell
something. Just some friendly guidance. Good luck!

Alex Fernandez-Gatti
"Laws control the lesser man.  Right conduct controls the greater
one." - Chinese Proverb

