Hosting Provided By

Mailing List Archive For webappsec@securityfocus.com Dec 2002 By Thread

RE: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection Christopher Todd (Tue Dec 31 2002 - 15:29:39 EST)
RE: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection Michael Howard (Tue Dec 31 2002 - 14:34:07 EST)
Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection Jeff Williams (at) Aspect (Mon Dec 30 2002 - 22:37:19 EST)
Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection Kevin Spett (Mon Dec 30 2002 - 18:48:35 EST)
Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection Dave Aitel (Mon Dec 30 2002 - 18:14:39 EST)
Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection Kevin Spett (Mon Dec 30 2002 - 17:32:13 EST)
JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection Christopher Todd (Mon Dec 30 2002 - 15:29:26 EST)
Re: securing web based game Tim Aranki (Mon Dec 23 2002 - 11:13:09 EST)
Re: securing web based game Tomas (Mon Dec 23 2002 - 03:31:47 EST)
Re: securing web based game Adam [ckkl] (Sun Dec 22 2002 - 19:12:25 EST)
Re: securing web based game Adrian Wiesmann (Sun Dec 22 2002 - 17:41:16 EST)
Re: securing web based game Adam [ckkl] (Sun Dec 22 2002 - 12:15:06 EST)
Mangle available for download Dawes, Rogan (ZA - Johannesburg) (Sun Dec 22 2002 - 11:34:08 EST)
securing web based game Tomas (Sun Dec 22 2002 - 09:33:35 EST)
Re: post to bugtraq about "session fixation" H D Moore (Fri Dec 20 2002 - 14:22:29 EST)
Re: SUMMARY modify non-persistent cookies and more q's Chris Wysopal (Fri Dec 20 2002 - 09:10:02 EST)
Merry Christmas and a Happy New Year. Mark Curphey (Fri Dec 20 2002 - 11:57:19 EST)
Re: post to bugtraq about "session fixation" Cesar (Fri Dec 20 2002 - 11:00:19 EST)
Re: Fwd: Security Paper: Session Fixation Vulnerability in Web-based Applications Craig_Sullivan(at)Waitrose.co.uk (Fri Dec 20 2002 - 05:15:09 EST)
Re: encoder Kevin Spett (Thu Dec 19 2002 - 17:42:26 EST)
Re: post to bugtraq about "session fixation" Steven M. Christey (Thu Dec 19 2002 - 17:37:55 EST)
encoder N30 (Thu Dec 19 2002 - 17:10:17 EST)
Re: Security Paper: Session Fixation Vulnerability in Web-based Applications Bill Pennington (Thu Dec 19 2002 - 16:56:07 EST)
Re: XSS Sverre H. Huseby (Thu Dec 19 2002 - 15:27:25 EST)
Re: Fwd: Security Paper: Session Fixation Vulnerability in Web-based Applications Sverre H. Huseby (Thu Dec 19 2002 - 14:45:48 EST)
Re: SUMMARY modify non-persistent cookies and more q's Kevin Spett (Thu Dec 19 2002 - 10:38:39 EST)
Re: SUMMARY modify non-persistent cookies and more q's Dave Aitel (Thu Dec 19 2002 - 10:25:50 EST)
RE: SUMMARY modify non-persistent cookies and more q's Dawes, Rogan (ZA - Johannesburg) (Thu Dec 19 2002 - 10:22:38 EST)
SUMMARY modify non-persistent cookies and more q's mono toy (Thu Dec 19 2002 - 09:14:32 EST)
Re: modify non-persistent cookies Choong-Fook Fong (Thu Dec 19 2002 - 01:22:13 EST)
Re: post to bugtraq about "session fixation" Alex Russell (Wed Dec 18 2002 - 17:49:52 EST)
Re: post to bugtraq about "session fixation" Kevin Spett (Wed Dec 18 2002 - 16:18:56 EST)
Re: post to bugtraq about "session fixation" Panayiotis A. Thermos (Wed Dec 18 2002 - 15:49:31 EST)
Re: post to bugtraq about "session fixation" securityarchitect(at)hush.com (Wed Dec 18 2002 - 14:28:34 EST)
post to bugtraq about "session fixation" Alex Russell (Wed Dec 18 2002 - 15:13:26 EST)
Re: modify non-persistent cookies Kevin Spett (Wed Dec 18 2002 - 13:20:58 EST)
Fwd: Security Paper: Session Fixation Vulnerability in Web-based Applications Mark Curphey (Wed Dec 18 2002 - 13:33:38 EST)
RE: modify non-persistent cookies Uzi Refaeli (Wed Dec 18 2002 - 02:18:03 EST)
Re: modify non-persistent cookies zeno (Tue Dec 17 2002 - 21:48:20 EST)
Re: modify non-persistent cookies Mr. Rufus Faloofus (Tue Dec 17 2002 - 20:44:23 EST)
Re: modify non-persistent cookies Charles Miller (Tue Dec 17 2002 - 18:19:41 EST)
Re: modify non-persistent cookies securityarchitect(at)hush.com (Tue Dec 17 2002 - 18:05:34 EST)
RE: modify non-persistent cookies Venkat, Sanjay (Tue Dec 17 2002 - 17:57:01 EST)
RE: modify non-persistent cookies Chris Neppes (Tue Dec 17 2002 - 14:37:18 EST)
Re: modify non-persistent cookies MICHAEL GERMONY (Tue Dec 17 2002 - 14:17:19 EST)
RE: modify non-persistent cookies Glyn (Tue Dec 17 2002 - 11:07:59 EST)
Re: modify non-persistent cookies Peter Conrad (Tue Dec 17 2002 - 10:43:46 EST)
Re: XSS and URL Encoded Session IDs Matthew Miller (Tue Dec 17 2002 - 11:56:39 EST)
Re: XSS and URL Encoded Session IDs Ryan Yagatich (Tue Dec 17 2002 - 06:21:38 EST)
RE: XSS and URL Encoded Session IDs The Crocodile (Tue Dec 17 2002 - 07:10:12 EST)
modify non-persistent cookies mono toy (Tue Dec 17 2002 - 05:55:49 EST)
XSS and URL Encoded Session IDs B F (Mon Dec 16 2002 - 15:18:30 EST)
Re: XSS Strings Tomas (Mon Dec 16 2002 - 06:42:40 EST)
RE: XSS Strings Glyn (Mon Dec 16 2002 - 06:23:59 EST)
Re: XSS Strings Jeroen Latour (Mon Dec 16 2002 - 03:49:31 EST)
Re: XSS Strings Martin Eiszner (Mon Dec 16 2002 - 03:39:50 EST)
XSS Strings securityarchitect(at)hush.com (Mon Dec 16 2002 - 02:54:52 EST)
Re: XSS HarryM (Mon Dec 16 2002 - 01:23:45 EST)
Re: XSS appsec(at)technicalinfo.net (Sun Dec 15 2002 - 17:31:05 EST)
RE: forbidden functions on client-side scripts Thor Larholm (Fri Dec 13 2002 - 07:21:17 EST)
Re: forbidden functions on client-side scripts Alonso Robles (Thu Dec 12 2002 - 03:36:39 EST)
Re: Web Application Analysis Tools? Kevin Spett (Thu Dec 12 2002 - 15:54:33 EST)
Java validaton article Andrew Jaquith (Thu Dec 12 2002 - 14:09:39 EST)
RE: Web Application Analysis Tools? Lars Troen (Thu Dec 12 2002 - 13:29:43 EST)
Re: Web Application Analysis Tools? Jeff Williams (at) Aspect (Thu Dec 12 2002 - 14:08:39 EST)
Re: Web Application Analysis Tools? Martin Eiszner (Thu Dec 12 2002 - 13:20:31 EST)
Re: Web Application Analysis Tools? Kevin Spett (Thu Dec 12 2002 - 13:47:00 EST)
Web Application Analysis Tools? David Simcik (Thu Dec 12 2002 - 12:50:27 EST)
RE: forbidden functions on client-side scripts Uzi Refaeli (Thu Dec 12 2002 - 02:12:19 EST)
Re: XSS Matthew Miller (Wed Dec 11 2002 - 16:29:31 EST)
Re: XSS Ed Tracy (at) Aspect Security (Wed Dec 11 2002 - 15:15:50 EST)
forbidden functions on client-side scripts Shimon Silberschlag (Wed Dec 11 2002 - 12:06:18 EST)
Re: XSS Jeff Williams (at) Aspect (Wed Dec 11 2002 - 10:57:47 EST)
ENC: W3C XML encryption specs approved Mads Rasmussen (Wed Dec 11 2002 - 06:36:13 EST)
Re: XSS Stephen de Vries (Wed Dec 11 2002 - 06:00:02 EST)
Re: XSS Matthew Miller (Wed Dec 11 2002 - 08:03:49 EST)
Re: Web single sign-on Andrew Chong (Wed Dec 11 2002 - 04:23:54 EST)
Re: XSS Kevin Spett (Tue Dec 10 2002 - 17:33:34 EST)
RE: XSS Brett Moore (Tue Dec 10 2002 - 16:59:50 EST)
Re: XSS zeno (Tue Dec 10 2002 - 16:59:44 EST)
Re: JSP Security - Limiting URL's mlh(at)zip.com.au (Tue Dec 10 2002 - 17:09:46 EST)
RE: Sequence Identification Routines? securityarchitect(at)hush.com (Tue Dec 10 2002 - 13:02:33 EST)
Re: Apache module: mod_security Gabe Lawrence (Tue Dec 10 2002 - 14:17:51 EST)
Re: Apache module: mod_security zeno (Tue Dec 10 2002 - 13:13:15 EST)
RE: XSS David Endler (Tue Dec 10 2002 - 13:40:08 EST)
Re: XSS zeno (Tue Dec 10 2002 - 13:35:38 EST)
Re: XSS John Madden (Tue Dec 10 2002 - 11:35:55 EST)
FW: Web single sign-on johneder(at)hushmail.com (Tue Dec 10 2002 - 12:06:06 EST)
Re: Apache module: mod_security Ivan Ristic (Tue Dec 10 2002 - 11:35:18 EST)
Re: Web single sign-on Greg Gagnon (Tue Dec 10 2002 - 12:23:32 EST)
RE: XSS Ernesto Funes (Tue Dec 10 2002 - 11:45:25 EST)
Re: Apache module: mod_security Klaus Doerrscheidt (Tue Dec 10 2002 - 11:02:12 EST)
RE: Sequence Identification Routines? Dawes, Rogan (ZA - Johannesburg) (Tue Dec 10 2002 - 11:23:54 EST)
Re: XSS Kevin Spett (Tue Dec 10 2002 - 10:26:06 EST)
Re: Apache module: mod_security Ivan Ristic (Tue Dec 10 2002 - 10:43:32 EST)
Re: Apache module: mod_security Bill Burge (Tue Dec 10 2002 - 10:31:12 EST)
RE: XSS Eyal Udassin (Tue Dec 10 2002 - 10:23:11 EST)
Re: XSS zeno (Tue Dec 10 2002 - 09:57:39 EST)
Re: JSP Security - Limiting URL's Jeremy Poteet (Tue Dec 10 2002 - 09:42:40 EST)
Re: Apache module: mod_security Dave Aitel (Tue Dec 10 2002 - 09:31:47 EST)
Re: JSP Security - Limiting URL's Steve Posick (Tue Dec 10 2002 - 09:48:02 EST)
Re: JSP Security - Limiting URL's Andrew Jaquith (Tue Dec 10 2002 - 09:39:28 EST)
XSS John Madden (Tue Dec 10 2002 - 09:38:53 EST)
Apache module: mod_security Ivan Ristic (Tue Dec 10 2002 - 08:37:33 EST)
Re: JSP Security - Limiting URL's Jeff Williams (at) Aspect (Mon Dec 09 2002 - 21:10:46 EST)
JSP Security - Limiting URL's securityarchitect(at)hush.com (Mon Dec 09 2002 - 17:42:56 EST)
RE: Web single sign-on securityarchitect(at)hush.com (Mon Dec 09 2002 - 16:43:17 EST)
RE: Web single sign-on Sarbjit Singh Gill (Mon Dec 09 2002 - 16:36:50 EST)
Re: Sequence Identification Routines? maddany (Mon Dec 09 2002 - 16:27:36 EST)
Re: Web single sign-on wbjw(at)mindspring.com (Mon Dec 09 2002 - 16:06:03 EST)
RE: Web single sign-on Simon Cunningham (Mon Dec 09 2002 - 15:26:38 EST)
RE: Sequence Identification Routines? Tony Welsh (Mon Dec 09 2002 - 15:18:11 EST)
Re: Web single sign-on securityarchitect(at)hush.com (Mon Dec 09 2002 - 14:54:46 EST)
Re: Sequence Identification Routines? Jeff Williams (at) Aspect (Mon Dec 09 2002 - 11:00:21 EST)
Web single sign-on Marty (Mon Dec 09 2002 - 13:11:46 EST)
Re: Sequence Identification Routines? Charlie Root (Mon Dec 09 2002 - 13:06:03 EST)
Re: Great XML Security Primer Javier Fernández-Sanguino Peña (Mon Dec 09 2002 - 09:48:49 EST)
RE: Computer world article highlighting the importance of webapps ec St. Clair, James (Mon Dec 09 2002 - 07:31:48 EST)
Sequence Identification Routines? Nick Jacobsen (Mon Dec 09 2002 - 03:51:50 EST)
RE: IIS session cookies Kapila, Sai (Sun Dec 08 2002 - 18:57:02 EST)
RE: IIS session cookies Forrest Lee Andrews (Sat Dec 07 2002 - 23:00:23 EST)
OWASP Guide Version 2 - New Authors Wanted Mark Curphey (Sat Dec 07 2002 - 22:13:08 EST)
Re: IIS session cookies securityarchitect(at)hush.com (Sat Dec 07 2002 - 21:51:48 EST)
Re: IIS session cookies Takayuki Nakamura (Thu Dec 05 2002 - 23:43:41 EST)
Re: IIS session cookies Kevin Spett (Thu Dec 05 2002 - 19:34:15 EST)
Computer world article highliting the importance of webappsec Keith T. Morgan (Thu Dec 05 2002 - 19:39:44 EST)
Re: IIS session cookies Cade Cairns (Fri Dec 06 2002 - 02:48:34 EST)
Re: IIS session cookies Kevin Spett (Fri Dec 06 2002 - 10:18:35 EST)
RE: IIS session cookies Michael Howard (Fri Dec 06 2002 - 11:42:41 EST)
IIS session cookies Cade Cairns (Thu Dec 05 2002 - 17:29:32 EST)
Re: Hijacking URL Encoded Session IDs using Referer Logs UDP 53 (Thu Dec 05 2002 - 07:42:06 EST)
Re: Can I obtain BASIC AUTH credentials using an XSS vulnerbility Jill Tovey (Thu Dec 05 2002 - 06:10:36 EST)
Re: Top Ten Web App Sec Problems Steven M. Christey (Wed Dec 04 2002 - 16:39:10 EST)
RE: WebAppSec Training Courses in UK Craig_Sullivan(at)Waitrose.co.uk (Wed Dec 04 2002 - 13:24:37 EST)
RE: WebAppSec Training Courses in UK securityarchitect(at)hush.com (Wed Dec 04 2002 - 12:02:30 EST)
Re: Top Ten Web App Sec Problems Jeff Williams (at) Aspect (Wed Dec 04 2002 - 10:57:39 EST)
RE: WebAppSec Training Courses in UK Craig_Sullivan(at)Waitrose.co.uk (Wed Dec 04 2002 - 10:39:40 EST)
RE: WebAppSec Training Courses in UK Glyn (Wed Dec 04 2002 - 05:18:51 EST)
Re: WebAppSec Training Courses in UK Jeff Williams (at) Aspect (Tue Dec 03 2002 - 22:40:13 EST)
RE: Top Ten Web App Sec Problems b0iler _ (Tue Dec 03 2002 - 21:52:46 EST)
Re: WebAppSec Training Courses in UK Jeff Williams (at) Aspect (Tue Dec 03 2002 - 20:56:30 EST)
Re: WebAppSec Training Courses in UK Kevin Spett (Tue Dec 03 2002 - 21:16:02 EST)
Re: WebAppSec Training Courses in UK Kevin Spett (Tue Dec 03 2002 - 17:27:27 EST)
RE: Top Ten Web App Sec Problems Richard M. Smith (Tue Dec 03 2002 - 16:41:02 EST)
RE: Top Ten Web App Sec Problems Steven M. Christey (Tue Dec 03 2002 - 15:57:05 EST)
RE: WebAppSec Training Courses in UK securityarchitect(at)hush.com (Tue Dec 03 2002 - 14:08:39 EST)
Re: OpenHack and OWASP Testing Methodology jcosta(at)lendleaserei.com (Tue Dec 03 2002 - 14:22:46 EST)
OpenHack and OWASP Testing Methodology David Endler (Tue Dec 03 2002 - 11:08:36 EST)
RE: Top Ten Web App Sec Problems Craig, Scott (Tue Dec 03 2002 - 08:10:48 EST)
RE: WebAppSec Training Courses in UK Glyn Geoghegan (Tue Dec 03 2002 - 04:54:14 EST)
Re: Top Ten Web App Sec Problems Jeff Williams (at) Aspect (Mon Dec 02 2002 - 21:16:17 EST)
Re: Top Ten Web App Sec Problems Marc Slemko (Mon Dec 02 2002 - 20:07:19 EST)
Re: Top Ten Web App Sec Problems Alex Russell (Mon Dec 02 2002 - 20:36:29 EST)
Re: Top Ten Web App Sec Problems Alex Lambert (Mon Dec 02 2002 - 19:44:24 EST)
Re: Top Ten Web App Sec Problems Kevin Spett (Mon Dec 02 2002 - 18:28:03 EST)
Re: Top Ten Web App Sec Problems Andrew Jaquith (Mon Dec 02 2002 - 18:23:12 EST)
RE: Top Ten Web App Sec Problems Richard M. Smith (Mon Dec 02 2002 - 18:13:28 EST)
Re: WebAppSec Training Courses in UK Mark Curphey (Mon Dec 02 2002 - 17:43:08 EST)
Re: WebAppSec Training Courses in UK Kevin Spett (Mon Dec 02 2002 - 17:34:55 EST)
Re: WebAppSec Training Courses in UK Dan Cuthbert (Mon Dec 02 2002 - 16:57:03 EST)
Re: Top Ten Web App Sec Problems Steven M. Christey (Mon Dec 02 2002 - 16:33:55 EST)
WebAppSec Training Courses in UK phuc4(at)hushmail.com (Mon Dec 02 2002 - 11:07:29 EST)
Re: Top Ten Web App Sec Problems Alex Russell (Mon Dec 02 2002 - 13:19:53 EST)
FW: Top Ten Web App Sec Problems Keith T. Morgan (Mon Dec 02 2002 - 11:37:48 EST)
Can I obtain BASIC AUTH credentials using an XSS vulnerbility frank fish (Mon Dec 02 2002 - 10:14:20 EST)
Great XML Security Primer Mark Curphey (Sun Dec 01 2002 - 10:52:05 EST)

166 messages sort by: [ author ] [ date ] [ subject ] [ attachment ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:55 EDT