Web App Security Mailing List

Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

List Archives

Jan–Mar | Apr–Jun | Jul–Sep | Oct–Dec
20142113813
20131916357
201238282341
201152624628
201053485163
200988825237
200888687245
200782674184
2006431451317127
2005518290622519
2004355486635509
2003332277308201
2002304

Latest Posts

Security and Communication Networks - Special Issue on Software Defined Networking Security Gregory Blanc (Oct 31)
[Apologies if you receive multiple copies of this message]
* Wiley's Security and Communication Networks (SCN) *
** Special Issue on Software Defined Networking Security **

Recent years have witnessed the rapid development of software-defined networking
(SDN), which transfers essential networking functionalities from the hardware
infrastructure to the software plane by decoupling the control plane
and the data plane.
As such, the complexity...

[Deadline Extension] CFP COMCOM, Elsevier: SI on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due November 21, 2014 Georgios Karopoulos (Oct 31)
[Apologies if you receive multiple copies of this message]

Manuscript submission: extended to November 21, 2014

========================================================================

*Call for Papers*

Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)

Special Issue on:
Security and Privacy in Unified Communications: Challenges and Solutions

Direct Link:...

Re: Shameless plug: OWASP Board Elections Robin Wood (Oct 28)
I'll have a look at that. I thought I'd got my head around the
vulnerability then watched the first video and realised that I'd only
got half of it, really need time now to lab it all up and test it out.

Sounds good, the more posts the better it will be.

It would be good to keep it here as it already lands in lots of
inboxes and to collect that number of users again will be hard. We are
in touch with someone at Symantec who says...

Re: Shameless plug: OWASP Board Elections Seth Art (Oct 27)
Robin,

Thanks so much for the kind words about my talk. I gave an extended
version of my talk this past weekend at BSidesDC, and the video just
posted a few hours ago: https://www.youtube.com/watch?v=v5DIcAtnKRU.
The BSidesDC version includes a demo at the end which will hopefully
give people an idea of what is required to go from finding this
vulnerability to exploiting it.

Back to the real point of this thread: I also would love for this...

Administrivia: Trouble Ticket Systems subscribing to this list and unsubscribe requests Andrew van der Stock (Oct 23)
Hi there,

I have become aware of a number of you subscribing trouble ticketing
systems to this mail list. Robin (@digininja) has managed to find
someone to start helping us.

I will - with some luck - be getting access to the admin panel, and if
that happens, I will be unsubscribing any trouble ticketing systems
subscribed to this list. You may not realise this, but it creates a
lot of workload every time I get messages about waiting for customer...

Re: Shameless plug: OWASP Board Elections Brian Zaugg (Oct 23)
Here! Here! I like the idea of making the list more active and useful.
And, a good article on cross-domain policy and CSRF is a great start.

Brian


Re: unsubscribing from the list Andrew van der Stock (Oct 22)
Hi all,

If you want to get off the list, an easier way is to visit the
following page, enter your e-mail address twice, and click the
checkbox for webappsec down the bottom left and click submit. In a few
seconds, you'll have an unsubscribe e-mail. Reply to that and you're
off the list.

http://www.securityfocus.com/archive/

I hate to see folks go, but I do realise that positions and interest
change, particularly for an ancient list...

unsubscribing from the list Robin Wood (Oct 22)
Seeing as quite a few people have mailed me directly asking to
unsubscribe from the list I want to point to these entries which are
in the headers of every mail sent out by the list.

List-Id: <webappsec.list-id.securityfocus.com>
List-Post: <mailto:webappsec () securityfocus com>
List-Help: <mailto:webappsec-help () securityfocus com>
List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com>
List-Subscribe:...

Re: Shameless plug: OWASP Board Elections maestro (Oct 22)
I can second what Robin said.

Also, OWASP news might not be out of place here. I follow this list but I don’t really follow OWASP closely and I never
would have heard a thing about any elections or anything otherwise. I’m obviously not a member but stuff like this
helps generate interest, I think.

Not bad for a shameless plug.

maestro


Re: Shameless plug: OWASP Board Elections Robin Wood (Oct 22)
Hi
I'd love to see the list going again and getting more use. I think my
reason for not using it is that it isn't being used so I forget about
it, it needs traffic to gain some traction and remind people it
exists.

I'll make sure that I post some questions when they come up, see if we
can get it moving again.

As a start, I've just watched this brilliant explanation of why an
open crossdomain policy file is bad, I'd...

Shameless plug: OWASP Board Elections Andrew van der Stock (Oct 21)
Hi there,

Apologies for complete self interest where the list admin (me) pushes
a personal interest (OWASP). However, I believe the Open Web
Application Security Project is on topic for the web application
security mail list, and I wouldn't normally do it (you can check -
I've been moderator since 2004), but it's important.

Beyond the plug below - I am very interested in ways we can revitalise
this list. I don't know about...

CFP COMCOM, Elsevier: Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due October 31, 2014 Georgios Karopoulos (Oct 21)
[Apologies if you receive multiple copies of this message]

========================================================================

*Call for Papers*

Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)

Special Issue on:
Security and Privacy in Unified Communications: Challenges and Solutions

Direct Link:...

CFP COMCOM, Elsevier: Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due October 31, 2014 Georgios Karopoulos (Oct 07)
[Apologies if you receive multiple copies of this message]

========================================================================

*Call for Papers*

Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)

Special Issue on:
Security and Privacy in Unified Communications: Challenges and Solutions

Direct Link:...

OWASP Xenotix XSS Exploit Framework v6 Released Ajin Abraham (Sep 15)
Hi All,
Xenotix provides Zero False Positive XSS Detection by
performing the Scan within the browser engines where, in the real world,
payloads get reflected. Xenotix Scanner Module is incorporated with 3
intelligent fuzzers to reduce the scan time and produce better
results. If you really don't like the tool logic, then leverage the
power of Xenotix API to make the tool work the way you want it to.

See What's new!...

t2’14 Challenge to be released 2014-09-13 10:00 EEST Tomi Tuominen (Sep 07)
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most
prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications
stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.

Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

