SecurityFeed.info » Web App Security (webappsec) Mailing List

Feeds

57036 items (57036 unread) in 90 feeds

• Aviv Raff On .NET (29 unread)
• Bugtraq (bugtraq) Mailing List (2860 unread)
• CGISecurity.com: Your Web Site and Application Security Resource (415 unread)
• christian's weblog (25 unread)
• Irongeek's Security Site (344 unread)
• Jeremiah Grossman (191 unread)
• Heorot.net (19 unread)
• milw0rm.com (1332 unread)
• Nmap Hackers (nmap-hackers) Mailing List (27 unread)
• Rootsecure.net (3262 unread)
• SecuriTeam.com (645 unread)
• Security Vulnerability Research & Defense (147 unread)
• SecurityFocus News (435 unread)
• SecurityFocus Vulnerabilities (2707 unread)
• Securityvulns news channel (1735 unread)
• SecWatch - Latest Exploit Alerts (10 unread)
• Taking Network Security to the Streets (28 unread)
• The One And Only Matt Parnell.com (86 unread)
• The Register - Security (2360 unread)
• The Register - Software (2742 unread)
• VulnWatch (vulnwatch) Mailing List (19 unread)
• Web App Security (webappsec) Mailing List (433 unread)
• IceСμbeς (15 unread)
• Linmagazine (757 unread)
• ‫netcraft Bytes :) (130 unread)
• Blonde 2.0 (218 unread)
• The Microsoft Security Response Center (MSRC) (175 unread)
• (IN)SECURE Magazine Notifications RSS (45 unread)
• 0x000000 Security (95 unread)
• ----- Anti-Malware ----- Analysis and Defense (16 unread)
• Apple Fun (25 unread)
• Technorati Search for: aviv.raffon.net (368 unread)
• C.I.S.R.T. (25 unread)
• Determina Zero-Day Protection (6 unread)
• Didier Stevens (157 unread)
• eEye Digital Security - Research Blog (12 unread)
• Ryan Naraine's Security Watch (488 unread)
• Security - RSS Feeds (1100 unread)
• Exploit Prevention Labs (28 unread)
• Software Vulnerability Exploitation Blog (22 unread)
• F-Secure Antivirus Research Weblog (470 unread)
• Full Disclosure (1289 unread)
• George Ou (10 unread)
• GNUCITIZEN Media Portfolio (157 unread)
• ha.ckers.org web application security lab (135 unread)
• heise security (1864 unread)
• invisiblethings' blog (57 unread)
• Jeff Jones's blog (13 unread)
• JScript Blog (26 unread)
• Matasano Chargen (74 unread)
• McAfee Avert Labs (354 unread)
• Michael Howard's Web Log (46 unread)
• PandaLabs (227 unread)
• Zero Day (867 unread)
• SANS Internet Storm Center, InfoCON: green (1115 unread)
• Latest Secunia Security Watchdog Blog Entries (71 unread)
• SecuriTeam Blogs (248 unread)
• Security Fix (494 unread)
• HP ASC Portal (30 unread)
• Strike Center (12 unread)
• Sunbelt Blog (909 unread)
• Sunnet Beskerming Security Advisories (149 unread)
• Technobabylon
• The Recurity Lablog (34 unread)
• Wired: Threat Level (1460 unread)
• TrendLabs | Malware Blog - by Trend Micro (636 unread)
• Uninformed Journal (49 unread)
• WabiSabiLabi's blog (23 unread)
• WatchGuard Wire (134 unread)
• Latest Blog Entires From WebSense Security Labs (164 unread)
• Hackszine.com (664 unread)
• DVLabs: Blogs (145 unread)
• Errata Security (177 unread)
• Robert Hensing's Blog (93 unread)
• PaulDotCom Community Blog (14 unread)
• David LeBlanc's Web Log (34 unread)
• Billy (BK) Rios (29 unread)
• David Litchfield's blog (22 unread)
• Farfromr00tin (27 unread)
• aut disce, aut discede (17 unread)
• pwn* (26 unread)
• hackademix.net (106 unread)
• SecurityDot Vulnerabilities (1939 unread)
• Vulnerabilities & Exploits (87 unread)
• Malicious Code (100 unread)
• Security Risks (66 unread)
• Digg / Security / upcoming (17371 unread)
• digg.com: News / Security / Popular (395 unread)
• DarkReading - Security News (926 unread)
• DarkReading - All Stories (148 unread)

Web App Security (webappsec) Mailing List (10 unread)

• March 09, 2010
• 2:58

  Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Yu Qu on Mar 08

  Hi, Peine and others:
  
  I have encountered similar problems too, my suggestion is please try to google the alphabetic strings like this:
  
  "sql injection vulnerability CVE site:web.nvd.nist.gov jsp"
  
  I believe that some positive results can be found. I'm also looking forward to other suggestions, thx!
  
  Best wishes!
  
  ------------------------------------
  
  Yu Qu
  
  Ph.D. Candidate Student
  
  Ministry of Education Key Lab for Intelligent...
  
• 1:34

  RE: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Calderon, Juan Carlos (GE, Corporate, consultant) on Mar 08

  Yeah, Steve's is just a nice approach, my experience is the same, you
  will hardly find a non vulnerable custom application.
  
  Besides you will improve your internal systems security, but fix them
  fast or you could suddenly have those vulnerabilities exploited in
  production and some grades changed :).
  
  Regards,
  JC
  
  -----Original Message-----
  From: Steve Pinkham [[mailto:steve.pinkham] () gmail com]
  Sent: Lunes, 08 de Marzo de 2010 12:04 p.m.
  To:...
  
• 1:28

  Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Morgan Reed on Mar 08

  Sounds like the right approach, though I'm not aware of any Java based CMS.
  
  I'd suggest your best bet is to go trawling some of the various
  vulnerability databases around the place for a suitable candidate.
  
  This list is sponsored by Cenzic
  --------------------------------------
  Let Us Hack You. Before Hackers Do!
  It's Finally Here - The Cenzic Website HealthCheck. FREE.
  Request Yours Now!
  [www.cenzic.com]...
  
• 1:24

  Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Steve Pinkham on Mar 08

  Rogan Dawes wrote:
  > Unfortunately, your first requirement seems to suggest against your
  > suggestion. :-)
  >
  > As an open source app, the student would be able to see the change logs,
  > and any security announcements for the app, and would be able to make
  > use of those to identify known vulnerabilities in that version of the
  app.
  >
  > I suggest you look for a project that may have had a history of
  >...
  
• 1:18

  Security BSides Austin - sponsors needed!

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Benjamin Tomhave on Mar 08

  Hi folks,
  
  We need your help. We're still looking for sponsors for this weekend's
  Security BSides Austin, which is set to occur the same day as the
  kickoff for SxSW Interactive (a major developer conference). We have
  official sponsorship from Astaro and Panda, plus a couple unofficial
  sponsors. We'd love to see your organization involved, too! We're hoping
  for a successful inaugural event in Austin, TX, so that next year we can
  become officially...
  
• 1:13

  Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Marc-André Laverdière on Mar 08

  You can have a try at Securibench. Some of the apps in there don't run without
  some serious armtwisting though, but its good enough for manual review and
  static analysis.
  
  Marc-André Laverdière
  Software Security Scientist
  Innovation Labs, Tata Consultancy Services
  Hyderabad, India
  
  This list is sponsored by Cenzic
  --------------------------------------
  Let Us Hack You. Before Hackers Do!
  It's Finally Here - The Cenzic Website HealthCheck....
  
• 1:07

  Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Federico Maggi on Mar 08

  OWASP's WebGoat Project has designed a non-trivial web application in Java, exactly for this purpose.
  
  Ciao,
  -- Federico
  
  This list is sponsored by Cenzic
  --------------------------------------
  Let Us Hack You. Before Hackers Do!
  It's Finally Here - The Cenzic Website HealthCheck. FREE.
  Request Yours Now!
  [www.cenzic.com]
  --------------------------------------
  
• 1:04

  Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Kvetch on Mar 08

  Check out Daffodil CRM - [sourceforge.net]
  It has SQL injection, XSS and some coding opportunities.
  
  Nick Baronian
  
  This list is sponsored by Cenzic
  --------------------------------------
  Let Us Hack You. Before Hackers Do!
  It's Finally Here - The Cenzic Website HealthCheck. FREE.
  Request Yours Now!
  [www.cenzic.com]
  --------------------------------------
  
• 0:52

  Re: Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Wagner Elias on Mar 08

  OWASP Broken Web App Project contains WebGoat an app vulnerable in Java.
  [www.owasp.org]
  
  Regards
  
  2010/3/8 Holger Peine <Holger.Peine () fh-hannover de>:
  
• March 08, 2010
• 14:40

  Need a real Java web application with vulnerabilities

   » ‎ Web App Security (webappsec) Mailing List

  Posted by Holger Peine on Mar 08

  Hello,
  
  I have a student who wants to perform a mostly manual security review
  of some Java web application as his master's thesis work. I am well
  aware of pedagogical, deliberately insecure applications like Webgoat
  and many others. However, we need a real application for this:
  
  - Real code, since the job should create a realistic experience for
  the student, and the results should not be readily available
  in advance (as with Webgoat etc.)
  
  -...