WebApp Sec: by subject

(chaffing and winnowing) Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications"
- Evans, Arian (Jan 10 2005)
(ip session tracking) Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications"
- mattyml_at_bellsouth.net (Dec 31 2004)
(not really a) Proposal to anti-phishing
- Scovetta, Michael V (Jan 24 2005)
- Wall, Kevin (Jan 24 2005)
- Rishi Pande (Jan 24 2005)
- Mike Andrews (Jan 24 2005)
- Mike Andrews (Jan 24 2005)
- Rishi Pande (Jan 24 2005)
- Scott, Richard (Jan 19 2005)
- Evans, Arian (Jan 18 2005)
(secure email) Proposal to anti-phishing
- Michael Silk (Jan 25 2005)
- Lyal Collins (Jan 24 2005)
- Lyal Collins (Jan 24 2005)
- Eric McCarty (Jan 24 2005)
- Lyal Collins (Jan 24 2005)
- Lyal Collins (Jan 24 2005)
- Michael Silk (Jan 24 2005)
- Michael Silk (Jan 23 2005)
- Lyal Collins (Jan 23 2005)
- Michael Silk (Jan 24 2005)
- Lyal Collins (Jan 23 2005)
- Michael Silk (Jan 23 2005)
- Lyal Collins (Jan 19 2005)
- Evans, Arian (Jan 18 2005)
(smart cards) Proposal to anti-phishing
- Evans, Arian (Jan 24 2005)
(webrute) How to list all the URLs on a web server
- Evans, Arian (Jan 10 2005)
[ANNOUNCE] kses 0.2.2
- Ulf Härnhammar (Feb 07 2005)
[Fwd: [security] Remotely Controlling XSS Attacks - Announcing XSS-Proxy]
- George Capehart (Feb 12 2005)
[Fwd: Paper: SQL Injection Attacks by Example]
- George Capehart (Jan 09 2005)
[SCL-2005.002] - IDN Feature Workaround via proxy.pac
- Scovetta, Michael V (Feb 08 2005)
[tool] Guardian@JUMPERZ.NET : Detecting session hijack
- Ivan Ristic (Feb 05 2005)
- Ivan Ristic (Feb 04 2005)
- Kanatoko (Feb 04 2005)
- Ofer Shezaf (Feb 03 2005)
- Kanatoko (Feb 02 2005)
A proposal for anti-phishing
- Michael Silk (Jan 18 2005)
Achieving Sign On for non-web resource.
- Peter Watkins (Feb 09 2005)
- Richard Attermeyer (Feb 09 2005)
- Saqib Ali (Feb 09 2005)
- Babu Kopparam (Feb 09 2005)
Announcing: OWASP AppSec Europe 2005, April 9-10
- Jeff Williams (Jan 16 2005)
Anti-Phishing, why it doesn't work
- Jeremiah Grossman (Jan 24 2005)
- robert_at_dyadsecurity.com (Jan 24 2005)
- Felix Berger (Jan 24 2005)
- Joseph Miller (Jan 24 2005)
Any security issue with using SPNEGOto perform single-sign-on?
- Paul Johnston (Mar 23 2005)
- Saqib Ali (Mar 17 2005)
applet security connecting to hosts
- Jeremiah Grossman (Mar 10 2005)
- Haroon Meer (Mar 09 2005)
- F Lace (Mar 06 2005)
as security pro's, how do you use the web now?
- Matthew Caston (Jan 19 2005)
- ACMurray_at_cmp.com (Jan 18 2005)
- Rogan Dawes (Jan 14 2005)
- Sorensen, Clark C (Jan 14 2005)
- Haroon Meer (Jan 14 2005)
- Daniel (Jan 13 2005)
Assisting open source projects
- Andrew van der Stock (Mar 14 2005)
Authorization Framework.
- Yuri Demchenko (Jan 24 2005)
- D. HÃ¶hn (Jan 23 2005)
- Babu Kopparam (Jan 19 2005)
Automagic webapp testing tools
- Leigh Morresi (Mar 20 2005)
- robert_at_dyadsecurity.com (Mar 13 2005)
- Evans, Arian (Mar 10 2005)
- inflatablekiwi_at_gmail.com (Mar 09 2005)
awareness improvement demo
- koro69_at_yepmail.net (Mar 05 2005)
Ber encoding for ldap response control.
- Babu Kopparam (Mar 17 2005)
Betr.: detecting malicious image file
- Philip Wagenaar (Feb 07 2005)
Boston OWASP Chapter
- Weiler, Jim (Mar 02 2005)
calling all software security tool vendors/freeware/open source project leads
- Evans, Arian (Mar 14 2005)
- Evans, Arian (Mar 11 2005)
Canicalization Of User Input In PHP
- Paul Johnston (Jan 19 2005)
- warnings_at_envisagement.com (Jan 16 2005)
Categories for application security testing & tools
- Evans, Arian (Mar 02 2005)
Clarification to: -->calling all software security tool vendors/freeware/open source project leads
- Evans, Arian (Mar 12 2005)
clear-text passwords in shell/perl scripts
- M. Shirk (Mar 28 2005)
- Scovetta, Michael V (Mar 28 2005)
- Ofer Shezaf (Mar 23 2005)
- Paul Johnston (Mar 23 2005)
- Carsten Kuckuk (Mar 23 2005)
- Liran Cohen (Mar 21 2005)
- Richard Moore (Mar 21 2005)
- Joseph Miller (Mar 21 2005)
- Griffiths, Ian (Mar 21 2005)
- Jeff Robertson (Mar 18 2005)
Content monitorting in Application Security
- Ofer Shezaf (Jan 25 2005)
- Martin Schapendonk (Jan 23 2005)
- Ofer Shezaf (Jan 19 2005)
- Ofer Shezaf (Jan 19 2005)
- Jeremiah Grossman (Jan 14 2005)
- Jeremiah Grossman (Jan 10 2005)
- Ivan Ristic (Jan 10 2005)
- Antoine Martin (Jan 10 2005)
- oliver.karow_at_gmx.de (Jan 09 2005)
- Martin Maèok (Jan 10 2005)
- Ofer Shezaf (Jan 09 2005)
- Paul Laudanski (Jan 08 2005)
- Security (Jan 07 2005)
- Jeremiah Grossman (Jan 07 2005)
- Paul Laudanski (Jan 07 2005)
- Ivan Ristic (Jan 07 2005)
- Alfred Hitchcock (Jan 07 2005)
Copying files from one server to another.
- Booth, Simon (Feb 24 2005)
- MAGNY David (Feb 24 2005)
- David (Feb 23 2005)
- dave kleiman (Feb 23 2005)
- Michael Sztachanski (Feb 23 2005)
- Eric Boughner (Feb 22 2005)
current responses to phishing
- q q (Feb 15 2005)
- Rishi Pande (Feb 03 2005)
Data sanitization approaches in Java
- Stephen de Vries (Jan 17 2005)
- Jeff Williams (Jan 16 2005)
- Benjamin Livshits (Jan 14 2005)
detecting malicious image file
- Weiler, Jim (Feb 07 2005)
Doubt in Application Audit
- varun uppal (Feb 23 2005)
- Jeffory Atkinson (Feb 24 2005)
- Shan, Xuning V (Vincent) (Feb 23 2005)
- Alfred Hitchcock (Feb 23 2005)
Dropping connection instead of returning 400
- Devdas Bhagat (Mar 06 2005)
- Garth Somerville (Mar 04 2005)
- Michel Arboi (Mar 04 2005)
- christopher_at_baus.net (Mar 03 2005)
- Michael Silk (Mar 03 2005)
- Mariusz Pêkala (Mar 03 2005)
- christopher_at_baus.net (Mar 01 2005)
eBanking Security Testing (network and application) Methodology Released
- Yuri Demchenko (Mar 07 2005)
- cbc (Mar 03 2005)
- peter_at_ebankingsecurity.com (Mar 02 2005)
Exploits from command line?
- Antoine Martin (Jan 19 2005)
- Benjamin Livshits (Jan 18 2005)
Filtering by client IP address for Web App Sessions
- Evans, Arian (Mar 02 2005)
- Javier Fernandez-Sanguino (Feb 28 2005)
- Paul Johnston (Feb 28 2005)
- Jason Coombs (Feb 27 2005)
- Frank Knobbe (Feb 26 2005)
- Scovetta, Michael V (Feb 24 2005)
- Griffiths, Ian (Feb 24 2005)
- exon (Feb 24 2005)
- Steve Shah (Feb 23 2005)
- Paul Johnston (Feb 24 2005)
- Amichai Shulman (Feb 24 2005)
- Evans, Arian (Feb 23 2005)
force extention handling in IIS?
- Adam Tuliper (Feb 15 2005)
- Ken Schaefer (Feb 14 2005)
- Cory Foy (Feb 14 2005)
- Ken Schaefer (Feb 14 2005)
- Adam Tuliper (Feb 14 2005)
- Alex 'CAVE' Cernat (Feb 13 2005)
- Damhuis Anton (Feb 13 2005)
- Leigh Morresi (Feb 13 2005)
Formation of OWASP Chapter in Winnipeg, MB, CA
- Yvan Boily (Feb 08 2005)
Foundstone Hacme Books and .NET Security Toolkit
- dotnetdeveloper_at_hushmail.com (Mar 10 2005)
- Mark Curphey (Mar 08 2005)
Google Hacking and SiteDigger 2.0
- GuidoZ (Jan 10 2005)
- Kartik Trivedi (Jan 10 2005)
How to list all the URLs on a web server
- Ofer Shezaf (Jan 10 2005)
- PCSage Information Services (Jan 10 2005)
- tie (Jan 09 2005)
- Rafael San Miguel Carrasco (Jan 09 2005)
- Dan Connelly (Jan 08 2005)
- GuidoZ (Jan 07 2005)
- michaelsilk_at_gmail.com (Jan 08 2005)
- Lyal Collins (Jan 07 2005)
- skill2die4_at_secguru.com (Jan 07 2005)
- Ofer Shezaf (Jan 07 2005)
- Lists (Jan 07 2005)
HTMLEncode
- RSnake (Jan 07 2005)
- Alfred Hitchcock (Jan 07 2005)
Information about Software quality in Web Apps
- Philip Wagenaar (Jan 04 2005)
- Robert P³awiak (Jan 04 2005)
- Jaime Alvaro (Jan 03 2005)
Input Validation vs. Output Validation (was: ISA Server and SQL Injection)
- Jeff Williams (Mar 03 2005)
Is this expoitable via sql injection?
- Nils Gundelach (Jan 16 2005)
- Rogan Dawes (Jan 14 2005)
- Nils Gundelach (Jan 11 2005)
ISA Server and SQL Injection
- Paul Johnston (Mar 03 2005)
- Evans, Arian (Mar 02 2005)
- Jan P. Monsch (Mar 02 2005)
- Jan P. Monsch (Mar 02 2005)
- christopher_at_baus.net (Mar 01 2005)
- Evans, Arian (Mar 02 2005)
- Jan P. Monsch (Mar 01 2005)
- Stephen de Vries (Feb 24 2005)
- fantomas (Feb 24 2005)
- Paul Johnston (Feb 24 2005)
- Mark Curphey (Feb 23 2005)
- Paul Johnston (Feb 23 2005)
- Mark Curphey (Feb 23 2005)
- Paul Johnston (Feb 23 2005)
- Mark Curphey (Feb 21 2005)
- Ofer Shezaf (Feb 19 2005)
- Marty Block (Feb 18 2005)
- Matthieu Estrade (Feb 18 2005)
- Sebastien Deleersnyder (Feb 18 2005)
- Matthieu Estrade (Feb 17 2005)
- Jeff Robertson (Feb 17 2005)
- Matthieu Estrade (Feb 17 2005)
- Bogdan Tomchuk (Feb 17 2005)
- Tim Hoolihan (Feb 17 2005)
- Matthieu Estrade (Feb 17 2005)
- Roberto GABERGI (Feb 17 2005)
- charles freeman (Feb 16 2005)
- Bogdan Tomchuk (Feb 16 2005)
- Matthieu Estrade (Feb 16 2005)
- Darren Bounds (Feb 16 2005)
- Hofmeyr, Michael (ZA - Johannesburg) (Feb 15 2005)
- John Steer (Feb 14 2005)
- Rafael San Miguel (Feb 14 2005)
J2EE Guide List established
- Andrew van der Stock (Feb 15 2005)
Java -> .NET RSA Encryption
- john bart (Mar 30 2005)
java.net.URI.normalize() problem
- Felipe Moreno (Feb 18 2005)
- Garth Somerville (Feb 18 2005)
- Felipe Moreno (Feb 17 2005)
magic_quotes
- Matt Fisher (Jan 18 2005)
- James Barkley (Jan 14 2005)
- Wojciech Pawlikowski (Jan 13 2005)
New presentation: Advanced SQL Injection in Oracle databases
- Esteban Martínez Fayó (Feb 03 2005)
New Whitepaper available on security best practices
- webappsec_at_technicalinfo.net (Jan 31 2005)
New Whitepaper: Anti Brute Force Resource Metering
- Paul Johnston (Mar 30 2005)
Object Caching with IE 6 XP SP2
- Don Tuer (Feb 25 2005)
Odd things going on at the ChoicePoint Web site
- Richard M. Smith (Feb 22 2005)
- Jeff Robertson (Feb 22 2005)
- Bill Pennington (Feb 21 2005)
- Daniel (Feb 21 2005)
- Richard M. Smith (Feb 20 2005)
Off topic: what is sensitive information on a website?
- Michael Silk (Jan 28 2005)
- focus_at_karsites.net (Jan 28 2005)
- Martin Maèok (Jan 28 2005)
- Griffiths, Ian (Jan 28 2005)
- Dave Ryan (Jan 28 2005)
Open Source Events: PHP Security Conference
- Nathaniel Brown - Inimit (Mar 14 2005)
OWASP LA chapter meeting
- Kartik Trivedi (Jan 25 2005)
OWASP Meeting Tues 1/25 (6PM in Columbia MD)
- Jeff Williams (Jan 20 2005)
OWASP Washington, DC Local Chapter meeting set for 25 Jan
- Matthew Chalmers (Jan 19 2005)
Paros 3.2.0 beta release
- contact_at_parosproxy.org (Jan 23 2005)
Paros 3.2.0 release
- contact_at_parosproxy.org (Mar 08 2005)
Paros 3.2.0beta for Java 1.4.2
- contact_at_parosproxy.org (Jan 25 2005)
Paros Mac OS X package
- Stephen de Vries (Feb 17 2005)
Passing Credentials in the clear- Possible fixes
- Lyal Collins (Feb 27 2005)
- Jeff (Feb 25 2005)
PCI - Visa / MC / Amex merchant security standards
- Lyal Collins (Feb 12 2005)
- Andre Ludwig (Feb 09 2005)
- Andrew van der Stock (Feb 09 2005)
- Andrew van der Stock (Feb 08 2005)
phishing pages
- WebAppSecurity [Technicalinfo.net] (Jan 29 2005)
- Paul Laudanski (Jan 28 2005)
- Tim Hoolihan (Jan 27 2005)
- Andrew Smith (Jan 27 2005)
- Rishi Pande (Jan 26 2005)
PHP Directory Transversal
- Alex 'CAVE' Cernat (Mar 18 2005)
- Andres Molinetti (Mar 14 2005)
- John GALLET (Mar 14 2005)
- Mehmet Buyukozer (Mar 10 2005)
- David M. Zendzian (Mar 10 2005)
- Ravish (Mar 10 2005)
- Sarath Kummamuru (Mar 10 2005)
- Andres Molinetti (Mar 10 2005)
- Richard Moore (Mar 10 2005)
- Felikz (Mar 10 2005)
- Andres Molinetti (Mar 10 2005)
php to do input validation...
- Darren Bounds (Feb 03 2005)
- Andrew van der Stock (Feb 03 2005)
- Griffiths, Ian (Feb 03 2005)
- Kevin Carlson (Feb 02 2005)
- Matthew Wirges (Feb 01 2005)
phpBB Ban
- Joseph Miller (Mar 21 2005)
- Daniel (Mar 21 2005)
- Joseph Miller (Mar 18 2005)
Preventing direct URL access in a J2EE environment
- Paul Johnston (Mar 10 2005)
- Kevin Conaway (Mar 04 2005)
- David Robert (Mar 03 2005)
- Evans, Arian (Mar 03 2005)
- Jeroen van Rijn (Mar 03 2005)
- Roy Britten (Mar 03 2005)
- Jeroen van Rijn (Mar 03 2005)
- Dwayne Ghant (Mar 03 2005)
- Scovetta, Michael V (Mar 03 2005)
- Paul Johnston (Mar 03 2005)
- Kevin Conaway (Mar 02 2005)
- Saqib Ali (Mar 01 2005)
- RSnake (Mar 01 2005)
- Jeff Robertson (Mar 02 2005)
- Saqib Ali (Mar 01 2005)
- Kevin Conaway (Mar 01 2005)
Proposal to anti-phishing
- Harper.Matthew (Jan 27 2005)
- Mike Podanoffsky (Jan 26 2005)
- Moksha Faced (Jan 25 2005)
- Rogan Dawes (Jan 24 2005)
- Michael Silk (Jan 24 2005)
- Kurt Seifried (Jan 24 2005)
- Lyal Collins (Jan 24 2005)
- Adler Eliacin (Jan 24 2005)
- Lyal Collins (Jan 24 2005)
- lists_at_dawes.za.net (Jan 24 2005)
- Michael Silk (Jan 24 2005)
- Griffiths, Ian (Jan 24 2005)
- Robert Hajime Lanning (Jan 24 2005)
- Rogan Dawes (Jan 24 2005)
- Lyal Collins (Jan 23 2005)
- Rogan Dawes (Jan 24 2005)
- Lyal Collins (Jan 24 2005)
- Sam Koh (Jan 22 2005)
- Jimi Thompson (Jan 20 2005)
- Lyal Collins (Jan 19 2005)
- Cory Foy (Jan 19 2005)
- Rogan Dawes (Jan 19 2005)
- Michael Silk (Jan 19 2005)
- Rogan Dawes (Jan 19 2005)
- Michael Silk (Jan 19 2005)
- Rogan Dawes (Jan 19 2005)
- exon (Jan 19 2005)
- Michael Silk (Jan 18 2005)
- Lyal Collins (Jan 18 2005)
- Rogan Dawes (Jan 16 2005)
- Rogan Dawes (Jan 16 2005)
- Lyal Collins (Jan 16 2005)
- Moksha Faced (Jan 17 2005)
- Michael Silk (Jan 16 2005)
- Lyal Collins (Jan 17 2005)
- Florian Weimer (Jan 16 2005)
- Frank Knobbe (Jan 16 2005)
- Rogan Dawes (Jan 17 2005)
- Frank Knobbe (Jan 16 2005)
- Rob Skedgell (Jan 16 2005)
- Lyal Collins (Jan 15 2005)
- Lyal Collins (Jan 15 2005)
- Florian Weimer (Jan 14 2005)
- Rogan Dawes (Jan 14 2005)
- ACMurray_at_cmp.com (Jan 14 2005)
- WebAppSecurity [Technicalinfo.net] (Jan 14 2005)
- RSnake (Jan 14 2005)
- Rishi Pande (Jan 14 2005)
- Rogan Dawes (Jan 14 2005)
- Don Tuer (Jan 14 2005)
- Rafael San Miguel (Jan 12 2005)
proxy/portal
- sf_at_securax.dk (Mar 16 2005)
SAML implementation
- Yuri Demchenko (Feb 09 2005)
- Rishi Pande (Feb 01 2005)
SAP/SAP-Portal
- sf_at_securax.dk (Mar 15 2005)
Secure coding techniques
- Andrew van der Stock (Feb 03 2005)
- _kiss_ (Jan 31 2005)
secure storage of sensitive data in J2EE
- exon (Feb 14 2005)
- Michael Silk (Feb 10 2005)
- exon (Feb 10 2005)
- exon (Feb 10 2005)
- Alexander Klimov (Feb 10 2005)
- Michael Howard (Feb 09 2005)
- Michael Silk (Feb 09 2005)
- Michael Howard (Feb 09 2005)
- Olaf Reitmaier (Feb 09 2005)
- Olaf Reitmaier (Feb 09 2005)
- Michael Silk (Feb 09 2005)
- Michael Silk (Feb 09 2005)
- Nick Seward (Feb 09 2005)
- Michael Silk (Feb 09 2005)
- Michael Howard (Feb 09 2005)
- Benjamin Livshits (Feb 09 2005)
- Randy (Feb 09 2005)
- Nick Seward (Feb 09 2005)
- Richard Moore (Feb 09 2005)
- Kevin Conaway (Feb 09 2005)
- Ashish Popli (Feb 08 2005)
- Antoine Martin (Feb 07 2005)
- Valdis.Kletnieks_at_vt.edu (Feb 07 2005)
- Dimitris Mistriotis (Feb 07 2005)
- Kevin Conaway (Feb 07 2005)
- Erez Metula (Jan 31 2005)
- Scovetta, Michael V (Jan 31 2005)
- Jaime Spicciati (Jan 31 2005)
- Alexander Klimov (Jan 31 2005)
- Erez Metula (Jan 30 2005)
- Steve Taylor (Jan 27 2005)
- Sean Radford (Jan 25 2005)
- Valdis.Kletnieks_at_vt.edu (Jan 25 2005)
- Alexander Klimov (Jan 25 2005)
- chaim moshe (Jan 25 2005)
secure storage of sensitive data in J2EE [Virus Checked]
- graham.coles_at_retail-logic.com (Feb 09 2005)
Security Webcast Series
- Evans, Arian (Feb 07 2005)
- JoeStagner (Feb 05 2005)
- Evans, Arian (Feb 03 2005)
- Bit Rider (Feb 02 2005)
- JoeStagner (Feb 02 2005)
Smart card proposal
- Kevin Kadow (Feb 15 2005)
- Rogan Dawes (Feb 03 2005)
- Lyal Collins (Feb 02 2005)
- Glenn_Everhart_at_bankone.com (Feb 02 2005)
- Miguel Ruiz Velasco Sobrino (Jan 31 2005)
- Lyal Collins (Jan 28 2005)
- Koh Gim Leng (Jan 27 2005)
- maburns_at_safenet-inc.com (Jan 25 2005)
- DE Gustafson (Jan 27 2005)
- maburns_at_safenet-inc.com (Jan 25 2005)
- Ofer Shezaf (Jan 25 2005)
- Richard M. Smith (Jan 25 2005)
- Ofer Shezaf (Jan 25 2005)
- McAllister, Andrew (Jan 25 2005)
- Rogan Dawes (Jan 25 2005)
- Rogan Dawes (Jan 24 2005)
- Hugo Fortier (Jan 24 2005)
- Richard M. Smith (Jan 24 2005)
- Hugo Fortier (Jan 24 2005)
- maburns_at_safenet-inc.com (Jan 24 2005)
- Rogan Dawes (Jan 24 2005)
- Hugo Fortier (Jan 24 2005)
- Rishi Pande (Jan 24 2005)
- Richard M. Smith (Jan 24 2005)
- Rogan Dawes (Jan 24 2005)
- Lyal Collins (Jan 23 2005)
- Michael Silk (Jan 23 2005)
- Rogan Dawes (Jan 19 2005)
Software security specifications
- Andrew van der Stock (Feb 23 2005)
- Angelo Perniola (Feb 22 2005)
- i.matilde_at_gmail.com (Feb 22 2005)
- udayan pathak (Feb 21 2005)
- Jeff Williams (Feb 21 2005)
- i.matilde_at_gmail.com (Feb 21 2005)
Solutions, Results, and Comments - Was [ISA Server and SQL Injection]
- Jeff Williams (Mar 01 2005)
- Jeremiah Grossman (Feb 28 2005)
- Jeff Williams (Feb 28 2005)
- Jeremiah Grossman (Feb 28 2005)
- Michael Silk (Feb 27 2005)
- Jeremiah Grossman (Feb 24 2005)
- Jeff Williams (Feb 23 2005)
- David (Feb 23 2005)
- Jeremiah Grossman (Feb 22 2005)
SQL injection
- nummish_at_0x90.org (Jan 19 2005)
- Cory Foy (Jan 19 2005)
- Serg Belokamen (Jan 19 2005)
- exon (Jan 19 2005)
- John McGuire (Jan 19 2005)
- Josh Zlatin-Amishav (Jan 19 2005)
- James Riden (Jan 18 2005)
- Francesco (Jan 16 2005)
SQL Injection problem
- Asim Shaikh (Mar 13 2005)
state management by client IP address for Web App Sessions
- Evans, Arian (Feb 25 2005)
storing SSNs, CCNs, password in the DB
- Wall, Kevin (Mar 01 2005)
- McAllister, Andrew (Mar 01 2005)
- Jeff Robertson (Mar 01 2005)
- Joseph Miller (Feb 28 2005)
- Paul Johnston (Feb 28 2005)
- Alvin Oga (Feb 28 2005)
- Andrew van der Stock (Feb 27 2005)
- Francesco (Feb 27 2005)
- Adam Shostack (Feb 27 2005)
- Francesco (Feb 27 2005)
SV: force extention handling in IIS?
- Fredrik Hesse (Feb 14 2005)
SV: Java -> .NET RSA Encryption
- Fredrik Hesse (Mar 29 2005)
SyScAN'05 CFP
- organiser_at_syscan.org (Jan 17 2005)
The Santy worm and Application Security
- Paul Laudanski (Jan 02 2005)
- Ofer Shezaf (Jan 02 2005)
- Paul Laudanski (Dec 31 2004)
- Ofer Shezaf (Dec 31 2004)
- Paul Laudanski (Dec 31 2004)
Two questions: FAQ and OWASP ASAC
- Bob Auger (Jan 14 2005)
- Rogan Dawes (Jan 14 2005)
- Wall, Kevin (Jan 10 2005)
Unicode security discussion paper
- Andrew van der Stock (Mar 14 2005)
Update: OWASP AppSec Europe 2005, April 9-10
- Dave Wichers (Mar 10 2005)
- Dave Wichers (Feb 07 2005)
Using Google Desktop Search for remote system monitoring
- Abe Usher (Jan 08 2005)
Using SPNEGO for web SSO
- lists_at_dawes.za.net (Feb 28 2005)
- Saqib Ali (Feb 27 2005)
- Burak DAYIOGLU (Feb 24 2005)
Vulnerability statistics
- Michael Howard (Jan 14 2005)
- Steven M. Christey (Jan 10 2005)
- Adam Shostack (Jan 07 2005)
- Michael Howard (Jan 07 2005)
- Jeremiah Grossman (Jan 07 2005)
- Benjamin Livshits (Jan 06 2005)
WASC-Articles: "The 80/20 Rule for Web Application Security"
- robert_at_webappsec.org (Jan 31 2005)
WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein
- robert_at_webappsec.org (Feb 28 2005)
web application audit ideas needed
- exon (Feb 14 2005)
- learn lids (Feb 13 2005)
Web Scanners
- Tonie (Mar 03 2005)
- blad3 (Mar 03 2005)
- El C0chin0 (Mar 02 2005)
Web Scanners & Acunetix
- Evans, Arian (Mar 11 2005)
Web Sec Conference in Europe: Websec 2005 in London, Mar 14 to 18, 2005
- David Rhoades (Feb 11 2005)
Web security breach changes the lives of 119 people
- psiphon_at_infosecguides.com (Mar 29 2005)
- Cory Foy (Mar 29 2005)
- Michael Silk (Mar 28 2005)
- Ed Tracy _at_ Aspect Security (Mar 28 2005)
- Peter Conrad (Mar 23 2005)
- ed.tracy_at_aspectsecurity.com (Mar 21 2005)
- Jeff Williams (Mar 18 2005)
- roger.franks_at_middleeastadvertising.com (Mar 13 2005)
- El C0chin0 (Mar 14 2005)
- Bill Nichols (Mar 11 2005)
- Kim Dyer (Mar 10 2005)
- Griffiths, Ian (Mar 10 2005)
- Jason Coombs (Mar 09 2005)
- Altheide, Cory B. (IARC) (Mar 09 2005)
- christopher_at_baus.net (Mar 09 2005)
- Richard M. Smith (Mar 08 2005)
Web site cookie overload?
- Alexander Klimov (Jan 25 2005)
- Nick Seward (Jan 25 2005)
- Alexander Klimov (Jan 25 2005)
- Richard M. Smith (Jan 24 2005)
- Griffiths, Ian (Jan 24 2005)
- Nick (Jan 19 2005)
- Richard M. Smith (Jan 17 2005)
Web sites keep making the same mistakes over and over again
- Richard M. Smith (Feb 23 2005)
Webmail Service vulnerabilities
- Scovetta, Michael V (Jan 04 2005)
- Tim Brown (Jan 05 2005)
- Moritz Naumann (Jan 04 2005)
- Dimitri Borjac (Jan 04 2005)
What is more secure?
- Devdas Bhagat (Mar 05 2005)
- Chris Thorp (Feb 28 2005)
- Harry de Grote (Feb 28 2005)
- Tomas (Feb 27 2005)
- Alvin Oga (Feb 27 2005)
- blackhat (Feb 27 2005)
- Tomas (Feb 24 2005)
White paper: Authentication and Session Management on the Web
- Paul Johnston (Feb 07 2005)
Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications"
- Florian Weimer (Jan 07 2005)
- Weiler, Jim (Jan 07 2005)
Why eBanking is Bad for your Bank Balance - new paper
- peter_at_ebankingsecurity.com (Mar 06 2005)
XSS or HTTP Response Splitting?
- Amit Klein (AKsecurity) (Jan 04 2005)
- Joxean Koret (Jan 02 2005)