WebApp Sec: by subject

"Divide and Conquer" - cross site response header tampering, cookie manipulation, and session fixation
- Charlie Cano (Mar 19 2004)
- Amit Klein (Mar 07 2004)
- Peter Watkins (Mar 05 2004)
[ Q ] URL obfuscation tools/scripts
- mark (Jan 05 2004)
- asen_at_bat-asen.com (Jan 02 2004)
[SC-L] On "application security"
- Mark Curphey (Feb 20 2004)
A new Sanctum white paper: "Divide and Conquer - HTTP Respons e Splitting, Web Cache Poisoning Attacks, and Related Topics"
- Weiler, Jim (Mar 25 2004)
A new Sanctum white paper: "Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics"
- Amit Klein (Mar 25 2004)
- Amit Klein (Mar 07 2004)
- Jeremiah Grossman (Mar 05 2004)
- Amit Klein (Mar 04 2004)
About Authorization
- Anil Pazvant (Jan 28 2004)
Administrivia
- Mark Curphey (Mar 31 2004)
Announcing The Black Hat Briefings call for papers
- Jeff Moss (Mar 04 2004)
AppSec FAQ at OWASP
- Laurian Gridinoc (Jan 29 2004)
- B $B%$%9%^%$%k (Jan 29 2004)
- Ulf Härnhammar (Jan 29 2004)
- Sangita Pakala (Jan 29 2004)
- Sangita Pakala (Jan 28 2004)
AppSec FAQ at OWASP]
- Rohyt Belani (Jan 30 2004)
- Ulf Härnhammar (Jan 30 2004)
- Philippe Prados (Jan 29 2004)
- Philippe P. (Jan 29 2004)
- Omarjan Ismail (Jan 29 2004)
- Omar Ismail (Jan 29 2004)
- Rohyt Belani (Jan 29 2004)
- Sangita Pakala (Jan 29 2004)
Authenticating a web server
- Steve Suehring (Mar 28 2004)
- Imperva Application Defense Center (Mar 28 2004)
- Amit Sharma (Mar 28 2004)
Blocking/Screening any HTTP, HTTPS, FTP stream from intern to extern?
- Andreas Fredrich (Feb 25 2004)
Burp proxy v1.1 released
- PortSwigger (Jan 26 2004)
Burp spider v1.0 released
- PortSwigger (Mar 22 2004)
Canonicalization
- tom.rogers_at_hushmail.com (Feb 18 2004)
code analysis for c#?
- Cassidy, Thomas (Feb 28 2004)
- Mads Rasmussen (Feb 27 2004)
- patrick (Feb 26 2004)
- Larry Guger (Feb 26 2004)
- Arjun Pednekar (Feb 26 2004)
- Mads Rasmussen (Feb 25 2004)
Control of cookies???
- Curt Purdy (Jan 28 2004)
- m.delibero_at_comcast.net (Jan 28 2004)
- Christian Schneemann (Jan 28 2004)
- Erik Kangas (Jan 28 2004)
- Marcelo Caffaro (Jan 28 2004)
Controlling access to pdf/doc files
- David Cameron (Feb 28 2004)
- Sangita Pakala (Feb 28 2004)
- siput_at_email.com (Feb 27 2004)
- Paulus Widodo (Feb 26 2004)
- Noah Gray (Feb 26 2004)
- lists AT dawes DOT za DOT net (Feb 25 2004)
- Harper.Matthew (Feb 25 2004)
- Mark Mcdonald (Feb 25 2004)
- Alistair Meikle (Feb 25 2004)
- chasd_at_silveroaks.com (Feb 25 2004)
- Zuech, Richard (Feb 24 2004)
- Mark Curphey (Feb 24 2004)
- Suresh Prabhu (Feb 25 2004)
- GRIFFITHS ian (Feb 24 2004)
- Scovetta, Michael V (Feb 24 2004)
- Jed Holler (Feb 24 2004)
- Blasted (Feb 24 2004)
- Sangita Pakala (Feb 24 2004)
Controlling access to pdf/doc files (db "better" than filesys tem?)
- GRIFFITHS ian (Feb 28 2004)
Controlling access to pdf/doc files (db "better" than filesystem?)
- David Cameron (Mar 01 2004)
- Jannie Hanekom (Feb 28 2004)
- Ido Rosen (Feb 28 2004)
- David Wall _at_ Yozons, Inc. (Feb 28 2004)
DARPA / funding sources for OWASP ?
- Mark Curphey (Jan 06 2004)
Encrypted URL
- Jeremiah Cornelius (Feb 02 2004)
- Fred van Engen (Feb 02 2004)
- dreamwvr_at_dreamwvr.com (Feb 02 2004)
- Brecrost Jones (Feb 02 2004)
- Michael Ströder (Feb 02 2004)
- Jeremiah Cornelius (Feb 02 2004)
- Dean Saxe (Feb 02 2004)
- Kenneth Peiruza (Feb 02 2004)
- Dean Saxe (Feb 02 2004)
- Erik Kangas (Jan 30 2004)
- Scovetta, Michael V (Jan 30 2004)
- gcb33_at_dial.pipex.com (Jan 30 2004)
- David Wall _at_ Yozons, Inc. (Jan 30 2004)
- B. Johannessen (Jan 30 2004)
- Hephaestus (Jan 30 2004)
- Stephen de Vries (Jan 30 2004)
- scott wood (Jan 30 2004)
- Mark Curphey (Jan 30 2004)
- Daniel Souza (Jan 30 2004)
- Fogbound Child (Jan 30 2004)
- Ulf Härnhammar (Jan 30 2004)
- Kenneth Peiruza (Jan 30 2004)
- B. Johannessen (Jan 30 2004)
- Lars Johannesen (Jan 30 2004)
- Bryan Murphy (Jan 30 2004)
- dreamwvr_at_dreamwvr.com (Jan 30 2004)
- Tim Greer (Jan 30 2004)
- Adam Tuliper (Jan 30 2004)
- Thomas Chiverton (Jan 30 2004)
- Jeff Williams _at_ Aspect (Jan 30 2004)
- lupin (Jan 30 2004)
Evading Client-Certificate Authentication
- Skip Carter (Mar 31 2004)
- Kevin Vanhaelen (Mar 31 2004)
Further Thoughts about Benchmarking
- Mark Curphey (Mar 31 2004)
Good articles on Java vs .NET security
- Jan Seda (Jan 01 2004)
HIPAA security requirements
- Clint Bodungen (Jan 16 2004)
- David Nester (Jan 16 2004)
- Matt Kenigson (Jan 16 2004)
- lakewood1_at_copper.net (Jan 15 2004)
- ONEILL David J (Jan 15 2004)
- Matt Kenigson (Jan 15 2004)
How do you measure software security issues in web applications ?
- Mark Curphey (Mar 07 2004)
htt[rint version 200
- hemil (Jan 09 2004)
improvements in session management?
- WebAppSecurity [Technicalinfo.net] (Mar 31 2004)
- Mark Foster (Mar 31 2004)
- Mark Foster (Mar 31 2004)
- WebAppSecurity [Technicalinfo.net] (Mar 31 2004)
- flatline (Mar 31 2004)
Innocent Code Prize for Best Post on WebAppSec
- Sverre H. Huseby (Mar 25 2004)
- Sverre H. Huseby (Mar 13 2004)
- Sverre H. Huseby (Mar 01 2004)
- Mark Curphey (Feb 16 2004)
Interesting New Industry Group
- Mark Curphey (Feb 18 2004)
java auditing tool
- urgoez (Jan 14 2004)
Java Code Scanning
- Gary Ellison (Jan 09 2004)
- Francisco Andrades (Jan 09 2004)
- Robert Paris (Jan 07 2004)
- Grega Bremec (Jan 07 2004)
- Mark Curphey (Jan 07 2004)
- Scovetta, Michael V (Jan 07 2004)
- Peter Lee, Kah Chen (Jan 06 2004)
List Playing Up
- Mark Curphey (Jan 06 2004)
Model for Field level Access Control
- Lanham, M. MAJ EECS (Feb 26 2004)
- Cesar Osorio (Feb 26 2004)
- Paul John Summers (Feb 26 2004)
- Sundaram, Ramasubramanian (Cognizant) (Feb 25 2004)
MS SQL Inter-database query question
- Harshul Nayak (Mar 14 2004)
- Michael Howard (Mar 14 2004)
- Marlon Jabbur (Mar 15 2004)
- Adam Tuliper (Mar 14 2004)
- Michael Silk (Mar 14 2004)
New OWASP .NET Project and WebGoat 3.0 Beta Released
- Mark Curphey (Jan 07 2004)
New OWASP Article, Project Update and Summer Conference !
- Mark Curphey (Feb 26 2004)
OASIS WAS Classification Scheme
- Larry Guger (Mar 19 2004)
- Mark Curphey (Mar 19 2004)
OASIS WAS Thesaurus (coming soon)
- Mark Curphey (Mar 28 2004)
Oracle CSO's Response to InfoSecMagazines Secure Coding Bah!
- Maty SIMAN (Feb 10 2004)
- Mark Curphey (Feb 09 2004)
Oracle CSO's Response to InfoSecMagazines Secure Coding Bah! [Virus checkedAU]
- Bruce.Morris_at_au.ey.com (Feb 10 2004)
OT: websphere webservice configuration
- Mads Rasmussen (Feb 27 2004)
OWASP Labs oLabs and PHP Security Filters
- Mark Curphey (Jan 15 2004)
OWASP Top Ten 2004 Update Released
- Jeff Williams _at_ Aspect (Jan 27 2004)
OWASP Web Application Pen Testing Check List
- Gaydosh, Adam (Mar 29 2004)
- Mark Curphey (Mar 19 2004)
Paros v3.1 released
- contact_at_proofsecure.com (Jan 23 2004)
Paros v3.1.1 released
- contact_at_proofsecure.com (Mar 23 2004)
Penetration Testing Report - Sample Report
- Ofer Maor (Mar 23 2004)
Removing Apache Banner on IBM Websphere HTTP Server (Apache) for Windows
- Thiago Lima (Feb 20 2004)
- Thomas Chiverton (Feb 20 2004)
- Daniel Cid (Feb 20 2004)
- Ivan Ristic (Feb 20 2004)
- Steffen Furholm / CABO Communications A/S (Feb 20 2004)
- Jason binger (Feb 19 2004)
Removing Apache Banner on IBM WebsphereHTTP Server (Apache) for Windows
- Remko Lodder (Feb 20 2004)
Sanctum Patent Summary
- Bryan Murphy (Jan 20 2004)
- patent.crapscan_at_hushmail.com (Jan 20 2004)
Sanctum Patent Thread
- Thor Larholm (Jan 19 2004)
- Jimi Thompson (Jan 18 2004)
- .Saphyr (Jan 18 2004)
- hans (Jan 17 2004)
- lakewood1_at_copper.net (Jan 17 2004)
- Mark Curphey (Jan 17 2004)
Sanctum Thread Dead
- Clint Bodungen (Jan 22 2004)
- Mark Curphey (Jan 20 2004)
Secure Coding? Bah!
- Dinis Cruz (Jan 25 2004)
- Tim Greer (Jan 23 2004)
- Mike Hoskins (Jan 23 2004)
- Glenn_Everhart_at_bankone.com (Jan 23 2004)
- Robert Paris (Jan 23 2004)
- Tim Greer (Jan 23 2004)
- ONEILL David J (Jan 23 2004)
- Tim Greer (Jan 22 2004)
- Taco Fleur (Jan 22 2004)
- Taco Fleur (Jan 22 2004)
- Juridian (Jan 22 2004)
- Mark Curphey (Jan 22 2004)
- Adam Tuliper (Jan 22 2004)
- Taco Fleur (Jan 22 2004)
- Juridian (Jan 22 2004)
- Chris DeVoney (Jan 22 2004)
- Patrick Chavez (Jan 22 2004)
- Taco Fleur (Jan 22 2004)
- Mark Curphey (Jan 22 2004)
- Taco Fleur (Jan 22 2004)
- Taco Fleur (Jan 22 2004)
- David Wall _at_ Yozons, Inc. (Jan 22 2004)
- Mark Curphey (Jan 22 2004)
- Chris Kirschke (Jan 22 2004)
- Adam Tuliper (Jan 22 2004)
- Mark Curphey (Jan 22 2004)
Secure FTP
- Scott, Richard (Jan 14 2004)
- DaemonLabs.com Support (MLM) (Jan 13 2004)
- Fletcher, Stephen J (Jan 12 2004)
- Scott, Richard (Jan 12 2004)
secure software engineering methodology
- Mads Rasmussen (Mar 23 2004)
- Gunnar Peterson (Mar 22 2004)
- Alex Russell (Mar 22 2004)
- Mads Rasmussen (Mar 22 2004)
Security tool for monitoring HTTP headers
- Brecrost Jones (Feb 24 2004)
Security tool for monitoring HTTP headers?
- sunzi (Feb 24 2004)
- Booth, Simon (Feb 24 2004)
- Martin Tsachev (Feb 24 2004)
- Shade (Feb 24 2004)
- Internet User (Feb 24 2004)
- znndrp (Feb 24 2004)
- Ivan Ristic (Feb 24 2004)
- Keith W. McCammon (Feb 24 2004)
- lists AT dawes DOT za DOT net (Feb 24 2004)
- Toni Heinonen (Feb 24 2004)
- Grega Bremec (Feb 24 2004)
- Glyn (Feb 24 2004)
- Mark Curphey (Feb 24 2004)
- WebAppSecurity [Technicalinfo.net] (Feb 24 2004)
- Skander Ben Mansour (Feb 24 2004)
- patrick_at_curioustechnology.com (Feb 24 2004)
Security tool for monitoring HTTPS traffic?
- David Wong (Mar 10 2004)
- Romain Vergniol (Mar 10 2004)
- Yoram Zahavi (Mar 10 2004)
- Amichai Shulman (Mar 07 2004)
- Gary Flynn (Feb 28 2004)
- najeeb.hatami_at_gsa.gov (Feb 27 2004)
- lists AT dawes DOT za DOT net (Feb 27 2004)
- Glyn (Feb 26 2004)
- Imre Kertesz (Feb 26 2004)
- John Floyd (Feb 26 2004)
- dd (Feb 26 2004)
- lists AT dawes DOT za DOT net (Feb 26 2004)
- Satish Chandra Prasad (Feb 26 2004)
- John Reilly (Feb 26 2004)
- Thomas Chiverton (Feb 26 2004)
- Altheide, Cory B. (IARC) (Feb 26 2004)
- Mike (Feb 24 2004)
- John Reilly (Feb 25 2004)
- Ivan Ristic (Feb 25 2004)
- WebAppSecurity [Technicalinfo.net] (Feb 25 2004)
- Andreas Fredrich (Feb 24 2004)
Security using Apache module
- Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Mar 19 2004)
- Ivan Ristic (Mar 19 2004)
- Ivan Ristic (Mar 18 2004)
- chorn_at_chorn.com (Mar 18 2004)
- stevenr_at_mastek.com (Mar 18 2004)
- stevenr_at_mastek.com (Mar 17 2004)
Session ID Abuse
- Steve Shah (Feb 15 2004)
- Kris Wilkinson (Feb 13 2004)
- lists AT dawes DOT za DOT net (Feb 13 2004)
- Paul (Feb 13 2004)
- hans (Feb 13 2004)
- npguy (Feb 13 2004)
- Johnny GoLightly (Feb 13 2004)
- Johnny GoLightly (Feb 12 2004)
Single terminal login
- Ingo Struck (Feb 18 2004)
- Michael Silk (Feb 17 2004)
- stevenr_at_mastek.com (Feb 16 2004)
- lists AT dawes DOT za DOT net (Feb 17 2004)
- Michael Silk (Feb 16 2004)
- stevenr_at_mastek.com (Feb 16 2004)
- urbn_at_visi.com (Feb 16 2004)
- Matt Wirges (Feb 16 2004)
- Martin Tsachev (Feb 15 2004)
- stevenr_at_mastek.com (Feb 14 2004)
SSL
- Brian Hatch (Jan 31 2004)
- VolkanPekince_at_hsbc.com.tr (Jan 30 2004)
SSL keys
- Dimitris Petropoulos (Jan 29 2004)
- Auri Rahimzadeh (Jan 28 2004)
- Dimitris Petropoulos (Jan 29 2004)
- VolkanPekince_at_hsbc.com.tr (Jan 28 2004)
SSL version selection query
- Bénoni MARTIN (Mar 23 2004)
- Abhishek Kumar (Mar 23 2004)
Stack overflow blocking in commercial packages
- Glenn_Everhart_at_bankone.com (Mar 30 2004)
- exon (Mar 28 2004)
- Glenn_Everhart_at_bankone.com (Mar 26 2004)
Stealing Passwords via browser refresh
- Karmendra Kohli (Mar 14 2004)
testing web app security
- Weiler, Jim (Mar 31 2004)
- Ivan Ristic (Mar 20 2004)
- Steve Suehring (Mar 19 2004)
- Mark Curphey (Mar 19 2004)
- Felipe Moniz de Aragao (Mar 19 2004)
- A.D. Douma (Mar 19 2004)
- Michael Cunningham (Mar 19 2004)
tips to secure a web application
- .Saphyr (Feb 22 2004)
- Andy Gordon (Feb 20 2004)
- Martin Tsachev (Feb 20 2004)
- .Saphyr (Feb 20 2004)
- .Saphyr (Feb 19 2004)
- Lars Troen (Feb 19 2004)
- Leung, Annie LDB:EX (Feb 19 2004)
- ermelir (Feb 19 2004)
- ermelir (Feb 18 2004)
Tomcat on port 80 or Java as root
- Grega Bremec (Mar 14 2004)
- Daniel (Mar 12 2004)
- urgoez (Mar 11 2004)
- Daniel (Mar 12 2004)
- d31ik47_at_yahoo.com (Mar 12 2004)
- George Georgalis (Mar 11 2004)
- Martin Gil (Mar 11 2004)
- David Wall _at_ Yozons, Inc. (Mar 11 2004)
- Aleksi Kallio (Mar 12 2004)
- Rajkumar S (Mar 12 2004)
- Dave Ockwell-Jenner (Mar 12 2004)
- Rajkumar S (Mar 12 2004)
- Marc Deglos (Mar 12 2004)
- Daniel (Mar 12 2004)
- Harshul Nayak (Mar 11 2004)
- Rajkumar S (Mar 11 2004)
VB: [VulnWatch] Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo (GM#005-MC)
- Ulf Härnhammar (Mar 23 2004)
Web Application Penetration Testing Methodology Patent
- pentester2189114_at_hushmail.com (Jan 20 2004)
- owasp_at_moiler.com (Jan 20 2004)
- pentester2189114_at_hushmail.com (Jan 20 2004)
- sullo_at_cirt.net (Jan 20 2004)
- pentester2189114_at_hushmail.com (Jan 19 2004)
- Matt Kenigson (Jan 17 2004)
- A.D. Douma (Jan 17 2004)
- Pete Herzog (Jan 17 2004)
- Martin Maèok (Jan 17 2004)
- sullo_at_cirt.net (Jan 16 2004)
- A.D. Douma (Jan 16 2004)
- sullo_at_cirt.net (Jan 16 2004)
- sullo_at_cirt.net (Jan 16 2004)
- cdowns (Jan 16 2004)
- A.D. Douma (Jan 16 2004)
- Thermos, Panayiotis A. [RA] (Jan 16 2004)
- Levenglick, Jeff (Jan 16 2004)
- Matthew Wagenknecht (Jan 16 2004)
- dreamwvr_at_dreamwvr.com (Jan 16 2004)
- Richard M. Smith (Jan 16 2004)
- Levenglick, Jeff (Jan 16 2004)
- Matthew Wagenknecht (Jan 16 2004)
- Mark Curphey (Jan 16 2004)
- Levenglick, Jeff (Jan 16 2004)
- webtester_at_hushmail.com (Jan 16 2004)
WebScarab updated
- Rogan Dawes (Mar 19 2004)
websphere webservice configuration
- patrick (Feb 28 2004)
Where do You Architect Security in An Application (Was HTTPS Security Moniting Tools)
- Jeff Williams (Feb 29 2004)
- marko (Feb 28 2004)
- Mark Curphey (Feb 28 2004)
White Paper - Web Application Worms: Myth or Reality?
- Amichai Shulman (Mar 31 2004)
- Amichai Shulman (Mar 31 2004)
- stephen_at_twisteddelight.org (Mar 31 2004)
- Daniel (Mar 31 2004)
- Imperva Application Defense Center (Mar 30 2004)
XSS and hijacking vuln at phpgroupware
- Hokkaido (Mar 22 2004)
xxs problem
- Michael Silk (Mar 17 2004)
- Clint Bodungen (Mar 17 2004)
- Dean Saxe (Mar 16 2004)
- Frank Dobb (Mar 16 2004)
xxs problem - character problems
- Frank Dobb (Mar 16 2004)