Mailing List Archive For webappsec@securityfocus.com Jan 2003 By Subject

• .NET MVC and RBAC in C#
  • Mark Curphey (Wed Jan 22 2003 - 16:29:34 EST)
• [ANNOUNCEMENT] mod_security 1.4 released
  • Ivan Ristic (Mon Jan 27 2003 - 14:03:33 EST)
• [whisker] How to Analyse Whisker Report
  • rain forest puppy (Wed Jan 29 2003 - 04:23:17 EST)
• Generic User password management
  • Ed Tracy (at) Aspect Security (Mon Jan 27 2003 - 15:14:22 EST)
  • Augusto Paes de Barros (Fri Jan 24 2003 - 09:47:33 EST)
• HTTP Header and POST Data Exploitation
  • Indian Tiger (Thu Jan 09 2003 - 06:43:06 EST)
• JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection
  • Sverre H. Huseby (Sat Jan 04 2003 - 17:15:34 EST)
  • Jeff Williams (at) Aspect (Fri Jan 03 2003 - 14:01:43 EST)
  • Kevin Spett (Fri Jan 03 2003 - 12:01:39 EST)
  • Dave Aitel (Fri Jan 03 2003 - 11:16:50 EST)
  • Kevin Spett (Fri Jan 03 2003 - 11:01:20 EST)
• Lazy sanitizing of data for SQL queries
  • HarryM (Fri Jan 24 2003 - 23:21:47 EST)
  • Lawrence, Gabriel (Fri Jan 24 2003 - 16:30:50 EST)
  • Sverre H. Huseby (Fri Jan 24 2003 - 16:00:21 EST)
  • HarryM (Fri Jan 24 2003 - 15:51:03 EST)
  • Brass, Phil (ISS Atlanta) (Fri Jan 24 2003 - 15:36:14 EST)
  • Sverre H. Huseby (Fri Jan 24 2003 - 15:31:03 EST)
  • HarryM (Fri Jan 24 2003 - 14:09:56 EST)
• List is a little sporadic
  • Mark Curphey (Wed Jan 22 2003 - 16:10:06 EST)
• New Web Vulnerability - Cross-Site Tracing
  • Steven M. Christey (Thu Jan 23 2003 - 21:41:32 EST)
  • Steven M. Christey (Thu Jan 23 2003 - 19:46:45 EST)
  • xss-is-lame(at)hushmail.com (Thu Jan 23 2003 - 19:38:05 EST)
  • Steven M. Christey (Thu Jan 23 2003 - 17:17:34 EST)
  • Richard M. Smith (Thu Jan 23 2003 - 17:48:08 EST)
  • Thor Larholm (Thu Jan 23 2003 - 10:04:19 EST)
  • zeno (Thu Jan 23 2003 - 09:32:34 EST)
  • H D Moore (Thu Jan 23 2003 - 06:36:38 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 21:49:46 EST)
  • Tim Greer (Wed Jan 22 2003 - 21:28:08 EST)
  • JAMES J FERRARA (Wed Jan 22 2003 - 22:37:12 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 19:25:01 EST)
  • xss-is-lame(at)hushmail.com (Wed Jan 22 2003 - 18:52:20 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 17:25:57 EST)
  • xss-is-lame(at)hushmail.com (Wed Jan 22 2003 - 16:31:34 EST)
• New Web Vulnerability - Cross-Site Tracing (fwd)
  • Jeremiah Grossman (Thu Jan 23 2003 - 20:33:59 EST)
  • Marc Slemko (Thu Jan 23 2003 - 14:49:50 EST)
  • Gary Flynn (Thu Jan 23 2003 - 08:12:00 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 19:09:41 EST)
  • Marc Slemko (Wed Jan 22 2003 - 18:25:01 EST)
• OWASP Identifies Ten Most Critical Web Application Security Vulnerabilities
  • Jeff Williams (at) Aspect (Sat Jan 18 2003 - 00:14:52 EST)
  • Jeff Williams (at) Aspect (Sun Jan 12 2003 - 23:32:38 EST)
• PHP top ten guide
  • Jeff Williams (at) Aspect (Sat Jan 18 2003 - 16:41:55 EST)
• PL/SQL web application
  • naka (Wed Jan 29 2003 - 00:35:30 EST)
  • Kevin Spett (Tue Jan 28 2003 - 10:38:38 EST)
  • naka (Tue Jan 28 2003 - 09:08:29 EST)
• protecting perl script source
  • H D Moore (Fri Jan 31 2003 - 13:39:57 EST)
  • Jim McGarvey (Thu Jan 30 2003 - 11:35:06 EST)
  • Eyal Udassin (Thu Jan 30 2003 - 04:03:20 EST)
  • Peter Sergeant (Thu Jan 30 2003 - 03:26:03 EST)
  • Ogston, Iain M (Thu Jan 30 2003 - 03:00:11 EST)
  • Tim Valdez (Wed Jan 29 2003 - 20:35:39 EST)
• security of interactive webpages
  • Pig Monkey (Wed Jan 22 2003 - 17:51:47 EST)
  • shadgar(at)cs.bris.ac.uk (Wed Jan 22 2003 - 09:13:29 EST)
• Serverside script injection?
  • joh ket (Fri Jan 10 2003 - 04:05:31 EST)
  • Jeff Williams (at) Aspect (Mon Jan 13 2003 - 10:31:58 EST)
  • Marco Aldegheri (Mon Jan 13 2003 - 08:51:58 EST)
  • JAMES J FERRARA (Mon Jan 13 2003 - 03:41:32 EST)
  • Peter Conrad (Mon Jan 13 2003 - 03:12:48 EST)
• SPIKE Proxy 1.4.7 is now available
  • Dave Aitel (Wed Jan 29 2003 - 17:49:31 EST)
• TRACE used to increase the dangerous of XSS.
  • Phrack (Thu Jan 23 2003 - 20:08:28 EST)
  • Jeremiah Grossman (Thu Jan 23 2003 - 11:03:17 EST)
  • Jason Coombs (Thu Jan 23 2003 - 14:58:51 EST)
  • Thor Larholm (Thu Jan 23 2003 - 12:01:14 EST)
  • Peter Watkins (Thu Jan 23 2003 - 15:28:24 EST)
  • Kevin Spett (Thu Jan 23 2003 - 13:32:13 EST)
  • Richard M. Smith (Thu Jan 23 2003 - 10:26:01 EST)
  • Sverre H. Huseby (Thu Jan 23 2003 - 07:14:25 EST)
  • Thor Larholm (Thu Jan 23 2003 - 04:33:00 EST)
  • Thor Larholm (Thu Jan 23 2003 - 04:10:49 EST)
  • Tim Greer (Wed Jan 22 2003 - 23:32:37 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 21:57:11 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 21:41:18 EST)
  • Doug Monroe (Wed Jan 22 2003 - 21:28:21 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 21:28:15 EST)
  • Richard M. Smith (Wed Jan 22 2003 - 21:06:48 EST)
  • Kevin Spett (Wed Jan 22 2003 - 20:59:42 EST)
  • Jordan Frank (Wed Jan 22 2003 - 20:45:50 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 18:35:08 EST)
  • Richard M. Smith (Wed Jan 22 2003 - 17:34:59 EST)
  • Jeremiah Grossman (Wed Jan 22 2003 - 15:32:58 EST)
• vbscript
  • Ernie (Wed Jan 08 2003 - 11:58:02 EST)
  • security(at)zclix.com (Wed Jan 08 2003 - 10:34:04 EST)
  • Marco Aldegheri (Wed Jan 08 2003 - 05:18:10 EST)
  • Dawes, Rogan (ZA - Johannesburg) (Wed Jan 08 2003 - 02:43:51 EST)
  • Forrest Lee Andrews (Tue Jan 07 2003 - 17:41:28 EST)
  • Cade Cairns (Tue Jan 07 2003 - 13:11:20 EST)
• Web single sign-on
  • Zed A.Shaw (Fri Jan 10 2003 - 15:40:48 EST)
• Website "Scanner"
  • Mike Shaw (Thu Jan 09 2003 - 10:39:05 EST)
  • Mary Landesman (Thu Jan 09 2003 - 14:11:56 EST)
  • Martin Eiszner (Fri Jan 10 2003 - 02:23:32 EST)
  • Todd Charron (Thu Jan 09 2003 - 10:03:56 EST)
  • Kevin Spett (Thu Jan 09 2003 - 19:04:43 EST)
  • Ian Griffiths (Sat Jan 11 2003 - 12:23:53 EST)
  • Brass, Phil (ISS Atlanta) (Fri Jan 10 2003 - 12:07:18 EST)
  • glyn(at)corsaire.com (Thu Jan 09 2003 - 08:47:32 EST)
  • Javier Fernandez-Sanguino (Thu Jan 09 2003 - 07:57:14 EST)
  • Pig Monkey (Thu Jan 09 2003 - 18:11:34 EST)
  • Dave Aitel (Thu Jan 09 2003 - 08:41:34 EST)
  • Chris Wysopal (Thu Jan 09 2003 - 10:09:53 EST)
  • Nelson Sampaio Araujo Junior (Wed Jan 08 2003 - 20:51:51 EST)
  • sullo(at)cirt.net (Wed Jan 08 2003 - 21:13:04 EST)
  • Kurt Seifried (Wed Jan 08 2003 - 19:50:50 EST)
  • backed.up.by.2048.bit.encryption(at)hushmail.com (Wed Jan 08 2003 - 18:22:04 EST)
  • Dave Aitel (Wed Jan 08 2003 - 18:09:21 EST)
  • glyng(at)corsaire.com (Wed Jan 08 2003 - 18:24:31 EST)
  • Chris Reining (Wed Jan 08 2003 - 16:13:43 EST)
  • backed.up.by.2048.bit.encryption(at)hushmail.com (Wed Jan 08 2003 - 16:12:44 EST)
  • Joris De Donder (Wed Jan 08 2003 - 17:21:35 EST)
  • Nelson Sampaio Araujo Junior (Wed Jan 08 2003 - 16:46:26 EST)
  • sullo(at)cirt.net (Wed Jan 08 2003 - 17:21:16 EST)
  • Kevin Spett (Wed Jan 08 2003 - 16:12:27 EST)
  • Zimin, Alex (Wed Jan 08 2003 - 16:02:47 EST)
  • Chris Neppes (Wed Jan 08 2003 - 16:00:47 EST)
  • backed.up.by.2048.bit.encryption(at)hushmail.com (Wed Jan 08 2003 - 15:53:34 EST)
• XS(T) attack variants which can, in some cases, eliminate the need for TRACE
  • Amit Klein (Sun Jan 26 2003 - 08:25:23 EST)

  This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:55 EDT