SecurityFeed.info » Web App Security (webappsec) Mailing List

Feeds

23887 items (23887 unread) in 97 feeds

• Aviv Raff On .NET (18 unread)
• Bugtraq (bugtraq) Mailing List (605 unread)
• CGISecurity.com: Your Web Site and Application Security Resource (74 unread)
• christian's weblog (25 unread)
• Irongeek's Security Site (125 unread)
• Jeremiah Grossman (74 unread)
• Heorot.net (11 unread)
• milw0rm.com (440 unread)
• Nmap Hackers (nmap-hackers) Mailing List (7 unread)
• Packet Storm Security Advisories (373 unread)
• Packet Storm Security Exploits (461 unread)
• Packet Storm Security Headlines (376 unread)
• Packet Storm Security Last 100 (1841 unread)
• Packet Storm Security Last 20 (833 unread)
• Packet Storm Security Last 50 (1441 unread)
• Packet Storm Security Last Files (544 unread)
• Packet Storm Security Miscellaneous Files (109 unread)
• Packet Storm Security Tools (113 unread)
• Rootsecure.net (694 unread)
• SecuriTeam.com (184 unread)
• Security Vulnerability Research & Defense (36 unread)
• SecurityFocus News (139 unread)
• SecurityFocus Vulnerabilities (806 unread)
• Securityvulns news channel (336 unread)
• SecWatch - Latest Exploit Alerts (10 unread)
• Taking Network Security to the Streets (28 unread)
• The One And Only Matt Parnell.com (34 unread)
• The Register - Security (389 unread)
• The Register - Software (457 unread)
• VulnWatch (vulnwatch) Mailing List (19 unread)
• Web App Security (webappsec) Mailing List (88 unread)
• IceСμbeς (15 unread)
• Linmagazine (186 unread)
• ‫netcraft Bytes :) (38 unread)
• Digg (4061 unread)
• Blonde 2.0 (51 unread)
• The Microsoft Security Response Center (MSRC) (40 unread)
• (IN)SECURE Magazine Notifications RSS (17 unread)
• 0x000000 Security (79 unread)
• ----- Anti-Malware ----- Analysis and Defense (15 unread)
• Apple Fun (25 unread)
• Technorati Search for: aviv.raffon.net (203 unread)
• C.I.S.R.T. (10 unread)
• Determina Zero-Day Protection (6 unread)
• Didier Stevens (47 unread)
• eEye Digital Security - Research Blog (10 unread)
• Ryan Naraine's Security Watch (96 unread)
• Security - RSS Feeds (179 unread)
• Exploit Prevention Labs (28 unread)
• Software Vulnerability Exploitation Blog (22 unread)
• F-Secure Antivirus Research Weblog (75 unread)
• Full Disclosure (290 unread)
• George Ou (10 unread)
• GNUCITIZEN Media Portfolio (65 unread)
• ha.ckers.org web application security lab (35 unread)
• heise security (342 unread)
• invisiblethings' blog (35 unread)
• Jeff Jones's blog (12 unread)
• JScript Blog (16 unread)
• Matasano Chargen (38 unread)
• McAfee Avert Labs (66 unread)
• Michael Howard's Web Log (26 unread)
• PandaLabs (35 unread)
• Zero Day (273 unread)
• SANS Internet Storm Center, InfoCON: green (232 unread)
• Latest Secunia Security Watchdog Blog Entries (24 unread)
• SecuriTeam Blogs (65 unread)
• Security Fix (115 unread)
• HP ASC Portal (30 unread)
• Strike Center (12 unread)
• Sunbelt Blog (217 unread)
• Sunnet Beskerming Security Advisories (29 unread)
• Technobabylon
• The Recurity Lablog (31 unread)
• Wired: Threat Level (454 unread)
• TrendLabs | Malware Blog - by Trend Micro (159 unread)
• Uninformed Journal (44 unread)
• WabiSabiLabi's blog (22 unread)
• WatchGuard Wire (48 unread)
• Latest Blog Entires From WebSense Security Labs (42 unread)
• Hackszine.com (151 unread)
• DVLabs: Blogs (63 unread)
• Errata Security (81 unread)
• Robert Hensing's Blog (71 unread)
• PaulDotCom Community Blog (10 unread)
• David LeBlanc's Web Log (20 unread)
• Billy (BK) Rios (19 unread)
• David Litchfield's blog (21 unread)
• Farfromr00tin (23 unread)
• aut disce, aut discede (17 unread)
• pwn* (16 unread)
• hackademix.net (42 unread)
• SecurityDot Vulnerabilities (422 unread)
• Vulnerabilities & Exploits (29 unread)
• Malicious Code (26 unread)
• Security Risks (21 unread)
• Digg / Security / upcoming (4195 unread)

Web App Security (webappsec) Mailing List (10 unread)

• August 21, 2008
• 23:31

  Re: Deep Blind SQL Injection Whitepaper

   » ‎ Web App Security (webappsec) Mailing List
  Posted by Haroon Meer on Aug 21

  Hey guys..
  

  * On 19/08/2008, [at 14:38:55 +0100] Ferruh Mavituna [ferruh_at_mavituna.com] seemed to say:
  >This is a short whitepaper about a new way to exploit Blind SQL
  >Injections. It's implemented in BSQL Hacker (
  >http://labs.portcullis.co.uk/application/bsql-hacker/ ).
  >
  ...

• August 19, 2008
• 16:40

  BSQL Hacker 0.9.0.7 - Advanced SQL Injection Framework Tool

   » ‎ Web App Security (webappsec) Mailing List
  Posted by Ferruh Mavituna on Aug 19

  BSQL Hacker is an automated SQL Injection Framework / Tool designed to
  exploit SQL injection vulnerabilities virtually in any database.
  

  It ships with Automated Attack modules which allows to dump whole database:
  

      * SQL Server
      * ORACLE
  ...

• 16:38

  Deep Blind SQL Injection Whitepaper

   » ‎ Web App Security (webappsec) Mailing List
  Posted by Ferruh Mavituna on Aug 19

  This is a short whitepaper about a new way to exploit Blind SQL
  Injections. It's implemented in BSQL Hacker (
  http://labs.portcullis.co.uk/application/bsql-hacker/ ).
  

  It is possible gather information from a target server with a 66%
  reduction in the number of requests made of the server...

• August 11, 2008
• 19:11

  RE: [WEB SECURITY] Surf Jack - HTTPS will not save you

   » ‎ Web App Security (webappsec) Mailing List
  Posted by Martin ONeal on Aug 11

  I couldn't see it mentioned in the paper or referenced material (but to
  be fair, I didn't spend a lot of time looking :) but this works just as
  well for sites that have no http server available at all (https only).
  All that is required is a listening port; simply make your URI into
  ...

• 12:46

  Surf Jack - HTTPS will not save you

   » ‎ Web App Security (webappsec) Mailing List
  Posted by publists_at_enablesecurity.com on Aug 11

  ('binary' encoding is not supported, stored as-is) Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in various public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure...

• July 28, 2008
• 10:38

  Attacking People through Web Apps (on Linux)

   » ‎ Web App Security (webappsec) Mailing List
  Posted by Pete Herzog on Jul 28

  Hi,
  

  People working with Linux web servers may be interested in noting the
  new Hacking Exposed Linux is out. This 3rd edition has been completely
  re-written by ISECOM as a project and goes deeply into hacking and
  protecting people from web applications on Linux servers. Since the
  focus has...

• 10:38

  Attacking People through Web Apps (on Linux)

   » ‎ Web App Security (webappsec) Mailing List
  Posted by Pete Herzog on Jul 28

  Hi,
  

  People working with Linux web servers may be interested in noting the
  new Hacking Exposed Linux is out. This 3rd edition has been completely
  re-written by ISECOM as a project and goes deeply into hacking and
  protecting people from web applications on Linux servers. Since the
  focus has...

• July 26, 2008
• 18:58

  Re: outlook web access authentication

   » ‎ Web App Security (webappsec) Mailing List
  Posted by charlesparker on Jul 26

  Thanks for all the great advice! I happened to look over PhoneFactor.
  Looks like it is free to use a limited version, and they happen to have an
  OWA Authentication agent to make setup on an Exchange server easier. I like
  the idea of using the phone channel as the 2nd-factor channel for a...

• July 25, 2008
• 22:27

  Re: outlook web access authentication

   » ‎ Web App Security (webappsec) Mailing List
  Posted by agoldwater on Jul 25

  Good think about PhoneFactor is that for very limited user inconvenience
  (Press "#" in response to an in-coming call), she gets pretty robust
  2-factor Authentication. It is well understood that better authentication
  requires sacrifice, but in this case, you get a whole lot of...

• 6:16

  Information Security Events in North America

   » ‎ Web App Security (webappsec) Mailing List
  Posted by Garrett Gee on Jul 24

  Hey everyone,
  

  I wanted to let you know of a calendar resource that I've been building.
    It is a google shared calendar, that lists all of the major
  information security events in North America. I created this calendar
  because I was always loosing track of what events were coming...