NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > WWW-Mobile-Code> 2002-q3

413 messages sorted by: [ date ] [ thread ] [ subject ]

Starting: Mon Jul 01 2002 - 22:31:58 CDT
Ending: Mon Sep 30 2002 - 09:26:58 CDT

Aaron C. Newman
- Manipulating Microsoft SQL Server Using SQL Injection (Wed Aug 28 2002 - 11:38:02 CDT)
Ajai Khattri
- Re: Entrust vs. Verisign certs (Thu Aug 08 2002 - 17:33:31 CDT)
Alan Pope
- RE: JSP (app security) (Tue Jul 09 2002 - 09:19:22 CDT)
Alberto Cozer
- Re: Access Management Products (Wed Aug 28 2002 - 16:27:11 CDT)
- RE: Entrust vs. Verisign certs (Thu Aug 08 2002 - 20:06:29 CDT)
aleph1_at_securityfocus.com
- Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing (Tue Jul 16 2002 - 01:20:57 CDT)
alex
- Re: Two problems. (Wed Aug 14 2002 - 10:01:51 CDT)
Alex Lambert
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Fri Sep 06 2002 - 23:33:21 CDT)
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Wed Aug 28 2002 - 20:03:08 CDT)
- A new approach toward teaching secure coding? (WWW or otherwise) (Mon Aug 26 2002 - 19:29:12 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 13:34:52 CDT)
- Re: risks of # and & (XSS) (Thu Jul 18 2002 - 21:30:36 CDT)
Alex Russell
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Mon Sep 09 2002 - 10:32:51 CDT)
- Re: On sessions (rather long) (Thu Aug 29 2002 - 23:43:37 CDT)
- Re: On sessions (rather long) (Thu Aug 29 2002 - 20:30:45 CDT)
- Re: On sessions (rather long) (Thu Aug 29 2002 - 01:56:57 CDT)
- Re: Encryption approach to secure web applications (Wed Aug 28 2002 - 21:41:39 CDT)
- Re: Encryption approach to secure web applications (Wed Aug 28 2002 - 16:27:47 CDT)
- Re: Encryption approach to secure web applications (Wed Aug 28 2002 - 12:10:29 CDT)
- Re: Encryption approach to secure web applications (Tue Aug 27 2002 - 16:36:20 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Mon Aug 26 2002 - 10:53:08 CDT)
- Re: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Mon Aug 26 2002 - 11:09:35 CDT)
- Re: On sessions (rather long) (Mon Aug 26 2002 - 10:30:31 CDT)
- Re: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Mon Aug 26 2002 - 10:08:54 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 22:00:17 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 17:08:07 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 14:14:24 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 14:48:38 CDT)
- Re: asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 18:49:00 CDT)
- Re: asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 18:25:11 CDT)
- Re: asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 18:00:56 CDT)
- Re: asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 11:32:09 CDT)
- Re: Slow list moderation for next few weeks (Sun Aug 18 2002 - 12:22:13 CDT)
- Re: Credit Card Validation (Fri Aug 16 2002 - 12:42:06 CDT)
- Re: Two problems. (Wed Aug 14 2002 - 14:04:41 CDT)
- Re: Easy End to XSS (Thu Aug 08 2002 - 14:26:57 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 13:24:49 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 18:11:48 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 16:45:46 CDT)
Allan Wind
- Re: Encryption approach to secure web applications (Sat Aug 24 2002 - 11:32:42 CDT)
Alonso Robles
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Sat Sep 07 2002 - 08:32:14 CDT)
Andrew Blyler
- RE: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 10:07:43 CDT)
Andrew Jaquith
- Re: =?iso-8859-15?Q?=0D Warning : Security architecture can save your site !?= (Tue Sep 24 2002 - 09:43:59 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 13:34:22 CDT)
Andrew van der Stock
- RE: web authentication (Fri Sep 13 2002 - 01:51:23 CDT)
- RE: asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 20:43:59 CDT)
- RE: JSP (app security) (Tue Jul 09 2002 - 18:42:10 CDT)
- RE: JSP (app security) (Tue Jul 09 2002 - 02:28:20 CDT)
Anna Karuba
- RE: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:43:56 CDT)
Anthony Baratta
- Re: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 10:33:15 CDT)
b0iler
- Re: Could web browsers help prevent XSS? (Tue Sep 24 2002 - 11:37:05 CDT)
- Could web browsers help prevent XSS? (Sun Sep 22 2002 - 01:09:12 CDT)
- Re: risks of # and & (XSS) (Thu Jul 18 2002 - 22:06:17 CDT)
- OWASP - command execution page. (Wed Jul 17 2002 - 22:03:29 CDT)
b0iler _
- Re: Paper on Web Application Security (Mon Jul 22 2002 - 00:20:21 CDT)
Ben Mord
- RE: asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 16:47:36 CDT)
- asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 10:50:38 CDT)
- RE: Easy End to XSS (Fri Aug 09 2002 - 15:06:25 CDT)
- Re: Easy End to XSS (Thu Aug 08 2002 - 08:10:20 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 22:02:03 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 22:24:24 CDT)
- RE: Easy End to XSS (Wed Aug 07 2002 - 17:07:27 CDT)
- RE: SQL Injections and JDBC (Wed Aug 07 2002 - 16:36:45 CDT)
- RE: Easy End to XSS (Wed Aug 07 2002 - 15:27:32 CDT)
- RE: Coordinating SSL and session tracking layers to foil session hijacking (Mon Jul 29 2002 - 15:07:54 CDT)
- RE: Coordinating SSL and session tracking layers to foil session hijacking (Fri Jul 26 2002 - 11:53:58 CDT)
- RE: Coordinating SSL and session tracking layers to foil sessionhijacking (Thu Jul 25 2002 - 16:00:40 CDT)
- Coordinating SSL and session tracking layers to foil session hijacking (Thu Jul 25 2002 - 13:52:38 CDT)
- RE: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:52:26 CDT)
Benjamin
- SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 08:08:33 CDT)
Bennett Todd
- Re: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 10:42:57 CDT)
Bill Pennington
- Re: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 11:56:36 CDT)
- Re: Easy End to XSS (Wed Aug 14 2002 - 17:49:04 CDT)
- Re: Easy End to XSS (Mon Aug 12 2002 - 13:12:38 CDT)
- Re: Client IP - from client or server? (Mon Aug 12 2002 - 10:31:58 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 22:28:33 CDT)
- Re: Cross Site Scripting Vulnerabilities - XSS (Tue Aug 06 2002 - 10:29:08 CDT)
billp_at_boarder.org
- Re: XSS when a session ID is required (Wed Aug 21 2002 - 11:49:15 CDT)
Blake Frantz
- RE: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 16:09:16 CDT)
Bob Lee
- HTTPS Question (Sat Aug 31 2002 - 13:07:34 CDT)
- Re: On sessions (rather long) (Thu Aug 29 2002 - 20:08:40 CDT)
- Re: Easy End to XSS (Thu Aug 08 2002 - 13:53:44 CDT)
- Re: HTTP & SSL Sessions (Thu Aug 08 2002 - 02:01:13 CDT)
- Re: Easy End to XSS (Thu Aug 08 2002 - 00:40:40 CDT)
- HTTP & SSL Sessions (Thu Aug 08 2002 - 01:12:48 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 15:29:03 CDT)
- SQL Injections and JDBC (Wed Aug 07 2002 - 14:21:32 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 14:07:57 CDT)
Breidenbach, Beth
- RE: SQL Injections and JDBC (Wed Aug 28 2002 - 11:41:07 CDT)
Bruce.Morris_at_ernstyoung.com.au
- RE: Entrust vs. Verisign certs (Thu Aug 08 2002 - 18:06:26 CDT)
Bryan Ponnwitz
- RE: Coordinating SSL and session tracking layers to foil sessionhijacking (Fri Jul 26 2002 - 08:13:19 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:03:32 CDT)
by way of Alex Russell
- Re: Entrust vs. Verisign certs (Thu Aug 08 2002 - 14:03:32 CDT)
- Re: Client IP - from client or server? (Wed Aug 07 2002 - 17:34:25 CDT)
Carlos Heller
- AW: Web Server Log Files - Security Events Analysis (Sat Jul 27 2002 - 02:17:10 CDT)
cathal connolly
- Re: Two problems. (Wed Aug 14 2002 - 18:39:42 CDT)
cdavison_at_nucleus.com
- Re: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 16:17:15 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 15:39:23 CDT)
- Re: Two problems. (Wed Aug 14 2002 - 11:31:33 CDT)
Chip Andrews
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 21:32:21 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 16:21:54 CDT)
Chris Huseman
- Re: Help finding a cookie generator (Tue Jul 02 2002 - 15:56:53 CDT)
Chris Reining
- Re: Fw: Usefull tools for finding vulnerabilities in web-based programs? (Wed Sep 18 2002 - 12:46:10 CDT)
Christopher Todd
- RE: Security Practices for MS architecture (Sun Aug 25 2002 - 10:44:15 CDT)
- SSL vulnerability in IE and KDE's Konqueror (Mon Aug 12 2002 - 21:12:14 CDT)
contact_at_draco.mine.nu
- Re: List of open source web apps/tools - auditing/pen test/etc (Sat Sep 28 2002 - 05:30:14 CDT)
Craig Davison
- Re: Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 19:44:14 CDT)
crazytrain.com
- Re: AW: Web Server Log Files - Security Events Analysis (Sun Jul 28 2002 - 13:08:02 CDT)
Cushing, David
- RE: Warning: PHP 4.2 may put session ids in URLs (Wed Sep 04 2002 - 09:05:15 CDT)
- RE: Entrust vs. Verisign certs (Thu Aug 08 2002 - 13:48:50 CDT)
Cyrill Osterwalder
- Re: Access Management Products (Thu Aug 29 2002 - 02:34:11 CDT)
Dan Cuthbert
- Re: List of open source web apps/tools - auditing/pen test/etc (Fri Sep 27 2002 - 15:02:04 CDT)
Daniel Delaney
- Re: Easy End to XSS (Mon Aug 12 2002 - 12:16:49 CDT)
Daniel Hedrick
- Re: On sessions (rather long) (Tue Sep 03 2002 - 07:23:37 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 17:18:24 CDT)
Darren Davison
- Re: Two problems. (Wed Aug 14 2002 - 13:54:50 CDT)
Dave Aitel
- Re: Using SPIKE (Fri Sep 27 2002 - 12:58:21 CDT)
- SPIKE Proxy 1.3 Release party at my house! (Thu Sep 26 2002 - 12:54:46 CDT)
- Re: So whats in a good webappsec assesment tool ? (Thu Sep 26 2002 - 08:20:24 CDT)
- Re: Fwd: Usefull tools for finding vulnerabilities in web-based progra ms? (Tue Sep 24 2002 - 08:36:28 CDT)
- Re: Usefull tools for finding vulnerabilities in web-based progra ms? (Tue Sep 24 2002 - 08:21:28 CDT)
- Re: Fw: Usefull tools for finding vulnerabilities in web-based programs? (Wed Sep 18 2002 - 07:37:29 CDT)
- SPIKE Proxy 1.2 in SPIKE 2.6 (Wed Sep 04 2002 - 11:22:41 CDT)
- Re: Cross Site Scripting Vulnerabilities - XSS (Tue Aug 06 2002 - 11:18:37 CDT)
- SPIKE 2.5 and associated vulns (Mon Aug 05 2002 - 19:02:44 CDT)
- SPIKE Proxy 1.1 Released (Mon Jul 22 2002 - 15:48:28 CDT)
- SPIKE Proxy 1.0 Release (Fri Jul 12 2002 - 11:47:57 CDT)
David Endler
- Now Online: OWASP Guide to Building Secure Web Applications v1.1 (Mon Sep 23 2002 - 15:48:58 CDT)
- RE: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 11:32:43 CDT)
David Garnier
- Re: Two problems. (Wed Aug 14 2002 - 10:20:48 CDT)
David Wong
- Secure Flag on Session ID Cookies (Was RE: XSS when a session ID is required) (Thu Aug 22 2002 - 10:07:23 CDT)
Dawes, Rogan (ZA - Johannesburg)
- RE: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 10:10:04 CDT)
De Ridder, Bavo
- RE: web authentication (Tue Sep 10 2002 - 08:40:12 CDT)
Dennis Groves
- Fwd: Usefull tools for finding vulnerabilities in web-based progra ms? (Thu Sep 19 2002 - 09:37:44 CDT)
dnsadmin_at_cboss.com
- RE: JSP (app security) (Tue Jul 09 2002 - 09:27:25 CDT)
Donoghue, Mark
- RE: web authentication (Tue Sep 10 2002 - 08:46:52 CDT)
Doug Sibley
- Re: Easy End to XSS (Thu Aug 08 2002 - 12:20:18 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 11:17:40 CDT)
- Easy End to XSS (Wed Aug 07 2002 - 10:31:18 CDT)
dwarkeeper
- Re: Two problems. (Wed Aug 14 2002 - 14:40:25 CDT)
Filip Van Laenen
- RE: A new approach toward teaching secure coding? (WWW or otherwi se) (Mon Sep 09 2002 - 02:41:24 CDT)
- RE: asymmetric crypto for storage of cc#s, and separation of resp onsibilities (Fri Aug 23 2002 - 02:12:26 CDT)
Frank DeGilio
- Re: Access Management Products (Wed Aug 28 2002 - 15:09:08 CDT)
Fred Williams
- Re: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 10:21:27 CDT)
freddie.soerensen_at_conares.com
- WG: On sessions (rather long) (Mon Aug 26 2002 - 03:51:27 CDT)
Gabriel Lawrence
- Re: Coordinating SSL and session tracking layers to foil session hijacking (Thu Jul 25 2002 - 15:50:35 CDT)
- Re: Best Practices for passing data via HTTP (Thu Jul 11 2002 - 18:01:59 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:37:24 CDT)
- Metrics... (Tue Jul 09 2002 - 14:21:49 CDT)
Gal.Rozov_at_eAladdin.com
- Some questions regarding IIS, Certs and Security practices (Tue Aug 27 2002 - 05:33:59 CDT)
- Security Practices for MS architecture (Sun Aug 25 2002 - 03:53:15 CDT)
Gatis Mednis
- Q about PHP and ASP includes (Thu Aug 08 2002 - 03:53:09 CDT)
George W. Capehart
- Re: Two problems. (Wed Aug 14 2002 - 16:56:25 CDT)
Greg Steuck
- Re: Easy End to XSS (Thu Aug 08 2002 - 00:15:08 CDT)
Gregory Steuck
- Re: Warning: PHP 4.2 may put session ids in URLs (Tue Sep 03 2002 - 09:55:48 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 16:11:47 CDT)
- URI length limits (was: Best Practices for passing data via HTTP) (Wed Jul 10 2002 - 16:18:03 CDT)
- Re: WebLogic Session IDs (Tue Jul 09 2002 - 20:17:04 CDT)
- Re: JSP (app security) (Tue Jul 09 2002 - 20:12:33 CDT)
- Re: Mime Types and determining an uploaded file type (Thu Jul 04 2002 - 01:27:02 CDT)
H D Moore
- Re: Web Services Vulnerabilities (Wed Jul 24 2002 - 02:43:52 CDT)
Harbar, Spencer
- RE: Two problems. (Wed Aug 14 2002 - 10:52:39 CDT)
Haroon Meer
- Re: Manipulating Microsoft SQL Server Using SQL Injection (+ DNS Tunnels) (Thu Aug 29 2002 - 03:45:45 CDT)
HarryM
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Sat Sep 07 2002 - 13:03:54 CDT)
- Re: On sessions (rather long) (Mon Sep 02 2002 - 12:42:50 CDT)
Hay, Brennan (Contractor)
- List of open source web apps/tools - auditing/pen test/etc (Fri Sep 27 2002 - 12:50:21 CDT)
Herry
- RE: SQL Injections and JDBC (Thu Aug 08 2002 - 02:37:02 CDT)
Herry Koh
- RE: SQL Injections and JDBC (Fri Aug 09 2002 - 03:52:06 CDT)
Ivan Hernandez
- Re: Two problems. (Thu Aug 15 2002 - 09:28:39 CDT)
- Two problems. (Wed Aug 14 2002 - 09:14:15 CDT)
James Dawson
- Access Management Products (Wed Aug 28 2002 - 10:39:14 CDT)
James Fleming
- Web Server Log Files - Security Events Analysis (Fri Jul 26 2002 - 13:45:46 CDT)
- Web Services Vulnerabilities (Mon Jul 22 2002 - 23:56:04 CDT)
- WebLogic Session IDs (Tue Jul 09 2002 - 00:22:12 CDT)
- Mime Types and determining an uploaded file type (Wed Jul 03 2002 - 21:48:27 CDT)
Jared Lovell
- Re: Web Server Log Files - Security Events Analysis (Sat Jul 27 2002 - 00:38:59 CDT)
Jason
- Re: Encryption approach to secure web applications (Thu Aug 29 2002 - 08:32:51 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Wed Aug 28 2002 - 22:13:53 CDT)
- Re: XSS when a session ID is required (Wed Aug 21 2002 - 08:46:53 CDT)
- Re: XSS when a session ID is required (Tue Aug 20 2002 - 20:59:27 CDT)
- Re: Entrust vs. Verisign certs (Sat Aug 10 2002 - 22:35:16 CDT)
- Re: Entrust vs. Verisign certs (Sat Aug 10 2002 - 23:20:30 CDT)
- Re: Entrust vs. Verisign certs (Sat Aug 10 2002 - 10:38:42 CDT)
- Re: Entrust vs. Verisign certs (Fri Aug 09 2002 - 20:36:34 CDT)
- Re: Coordinating SSL and session tracking layers to foilsessionhijacking (Fri Jul 26 2002 - 12:08:30 CDT)
- Re: Coordinating SSL and session tracking layers to foil session hijacking (Thu Jul 25 2002 - 16:20:39 CDT)
Jason Childers
- RE: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 17:34:42 CDT)
Jason Coombs
- RE: On sessions (rather long) (Tue Sep 03 2002 - 13:41:40 CDT)
- RE: A new approach toward teaching secure coding? (WWW or otherwise) (Fri Aug 30 2002 - 18:11:06 CDT)
- RE: On sessions (rather long) (Thu Aug 29 2002 - 20:32:14 CDT)
- RE: On sessions (rather long) (Thu Aug 29 2002 - 21:05:52 CDT)
- RE: On sessions (rather long) (Wed Aug 28 2002 - 23:22:52 CDT)
- RE: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Sun Aug 25 2002 - 22:20:48 CDT)
- RE: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 18:11:44 CDT)
- RE: On sessions (rather long) (Sun Aug 25 2002 - 22:11:19 CDT)
- RE: SSL vulnerability in IE and KDE's Konqueror (Wed Aug 14 2002 - 00:19:20 CDT)
- RE: Coordinating SSL and session tracking layers to foil session hijacking (Thu Jul 25 2002 - 18:49:57 CDT)
- RE: Coordinating SSL and session tracking layers to foil session hijacking (Thu Jul 25 2002 - 15:30:54 CDT)
Jean-Baptiste Marchand
- Re: Do Browsers (IE) really check CRLs correctly? (Mon Sep 16 2002 - 09:25:36 CDT)
Jeff Williams
- Re: SQL Injections and JDBC (Sun Aug 11 2002 - 22:03:34 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 20:50:30 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 19:12:33 CDT)
Jeff Williams _at_ Aspect
- Re: Encryption approach to secure web applications (Wed Aug 28 2002 - 21:02:50 CDT)
- Re: Encryption approach to secure web applications (Wed Aug 28 2002 - 14:58:46 CDT)
- Re: Encryption approach to secure web applications (Tue Aug 27 2002 - 12:46:18 CDT)
Jim Markley
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 16:22:36 CDT)
Joe Durbin
- RE: Two problems. (Wed Aug 14 2002 - 11:04:03 CDT)
joffrey.zehnder_at_freesurf.ch
- Re: On sessions (rather long) (Mon Sep 02 2002 - 04:23:26 CDT)
John Percival
- RE: PHP Programming Guidelines [paper] (Tue Sep 10 2002 - 09:23:02 CDT)
Jonas Anden
- Re: Warning: PHP 4.2 may put session ids in URLs (Tue Aug 27 2002 - 07:36:51 CDT)
- Re: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Sun Aug 25 2002 - 17:06:24 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 16:53:34 CDT)
Kalyan Varma
- Re: Best Practices for passing data via HTTP (Thu Jul 11 2002 - 12:42:08 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:53:34 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:15:06 CDT)
Keith Smith
- BASIC authentication vs. sessions ID [was: Warning: PHP 4.2 may put session ids in URLs] (Tue Aug 27 2002 - 10:48:36 CDT)
- RE: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Sun Aug 25 2002 - 19:56:03 CDT)
- Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Sun Aug 25 2002 - 09:38:03 CDT)
Ken Schaefer
- Re: Two problems. (Wed Aug 14 2002 - 21:45:39 CDT)
Kevin Spett
- Re: Usefull tools for finding vulnerabilities in web-based programs? (Thu Sep 19 2002 - 14:29:18 CDT)
- Re: PHP Programming Guidelines [paper] (Tue Sep 10 2002 - 09:04:15 CDT)
- Re: Encryption approach to secure web applications (Wed Aug 28 2002 - 09:54:29 CDT)
- Re: Encryption approach to secure web applications (Tue Aug 27 2002 - 17:52:33 CDT)
- Re: On sessions (rather long) (Mon Aug 26 2002 - 09:28:12 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 08:27:27 CDT)
- Re: XSS when a session ID is required (Wed Aug 21 2002 - 08:45:10 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 16:50:11 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 14:40:46 CDT)
- Re: HTTP & SSL Sessions (Thu Aug 08 2002 - 11:44:08 CDT)
- Re: Q about PHP and ASP includes (Thu Aug 08 2002 - 11:05:43 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 12:07:13 CDT)
- Re: HTTP & SSL Sessions (Thu Aug 08 2002 - 12:01:59 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 18:56:53 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 18:48:18 CDT)
- Re: Client IP - from client or server? (Wed Aug 07 2002 - 18:45:12 CDT)
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 15:10:02 CDT)
- Re: Coordinating SSL and session tracking layers to foil session hijacking (Thu Jul 25 2002 - 16:33:04 CDT)
- Re: Cross site sripting (Wed Jul 17 2002 - 13:58:31 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 16:57:46 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 15:39:46 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:38:20 CDT)
- Re: JSP (app security) (Tue Jul 09 2002 - 22:40:11 CDT)
Kevin Wharram
- SiteMinder Siebel Integration (Wed Aug 07 2002 - 10:59:10 CDT)
Kurt Seifried
- Re: So whats in a good webappsec assesment tool ? (Thu Sep 26 2002 - 00:02:58 CDT)
- Re: Usefull tools for finding vulnerabilities in web-based progra ms? (Wed Sep 18 2002 - 18:36:08 CDT)
- Re: Entrust vs. Verisign certs (Sat Aug 10 2002 - 22:50:44 CDT)
- Re: Entrust vs. Verisign certs (Sat Aug 10 2002 - 16:37:20 CDT)
- Re: Entrust vs. Verisign certs (Sat Aug 10 2002 - 01:18:13 CDT)
Lars Troen
- RE: Warning: PHP 4.2 may put session ids in URLs (Tue Sep 03 2002 - 17:02:39 CDT)
- RE: HTTPS Question (Sat Aug 31 2002 - 17:01:27 CDT)
- RE: Mozilla and MSIE handle Referer over HTTPS differently (Fri Aug 23 2002 - 04:17:23 CDT)
- RE: Entrust vs. Verisign certs (Thu Aug 08 2002 - 14:11:03 CDT)
Laurian Gridinoc
- Re: Could web browsers help prevent XSS? (Mon Sep 23 2002 - 08:19:06 CDT)
Liam Quinn
- RE: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 17:00:01 CDT)
M Ponkumar Venkatesh
- Re: SQL Injections and JDBC (Wed Aug 07 2002 - 15:35:22 CDT)
Marc Slemko
- Re: Easy End to XSS (Thu Aug 08 2002 - 13:47:11 CDT)
Marcel Erkens
- Re: Two problems. (Wed Aug 14 2002 - 11:10:46 CDT)
Mario Torre
- Encryption approach to secure web applications (Sat Aug 24 2002 - 06:42:36 CDT)
Mark Curphey
- Bounced mail ? (Sun Sep 29 2002 - 16:34:08 CDT)
- Rational Software employees ? (Sun Sep 29 2002 - 16:27:44 CDT)
- So whats in a good webappsec assesment tool ? (Wed Sep 25 2002 - 15:08:41 CDT)
- Re: OWASP Guide improvements (Sat Sep 21 2002 - 19:13:52 CDT)
- RE: Usefull tools for finding vulnerabilities in web-based progra ms? (Wed Sep 18 2002 - 11:57:17 CDT)
- secure coding thread (Mon Sep 09 2002 - 15:57:00 CDT)
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Tue Aug 27 2002 - 04:38:35 CDT)
- Slow list moderation for next few weeks (Sun Aug 18 2002 - 09:17:51 CDT)
- Re: Easy End to XSS (Wed Aug 07 2002 - 11:12:30 CDT)
- OWASP Update (Mon Aug 05 2002 - 22:52:53 CDT)
- Good Article about Java Security (Wed Jul 17 2002 - 14:17:13 CDT)
- Post vs GET thread no longer (Thu Jul 11 2002 - 11:32:44 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 17:42:44 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:43:31 CDT)
- webappsec Charter (Mon Jul 01 2002 - 22:31:58 CDT)
Mars T
- Credit Card Validation (Fri Aug 16 2002 - 09:55:57 CDT)
Martin Eiszner
- Re: OWASP - command execution page. (Thu Jul 18 2002 - 15:58:21 CDT)
Marty Block
- RE: Help finding a cookie generator END OF THREAD AND THANKS!!! (Wed Jul 03 2002 - 15:42:25 CDT)
- Help finding a cookie generator (Tue Jul 02 2002 - 13:11:07 CDT)
Masaru Matsunami
- Re: OWASP - command execution page. (Thu Jul 18 2002 - 12:19:54 CDT)
Mathieu Gervais
- Re: SSL vulnerability in IE and KDE's Konqueror (Tue Aug 13 2002 - 10:04:50 CDT)
Matt Sergeant
- New Perl XSS audit tool (Mon Aug 12 2002 - 05:06:39 CDT)
- Re: Best Practices for passing data via HTTP (Thu Jul 11 2002 - 04:05:53 CDT)
Matt Woodyard
- RE: web authentication (Thu Sep 12 2002 - 14:16:12 CDT)
Matthew Hannigan
- Re: Two problems. (Wed Aug 14 2002 - 17:54:02 CDT)
Merlin, The Mage
- Re: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 13:17:15 CDT)
MICHAEL GERMONY
- Re: Coordinating SSL and session tracking layers to foil session hijacking (Thu Jul 25 2002 - 15:37:20 CDT)
Michael Howard
- RE: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 12:17:40 CDT)
- RE: Do Browsers (IE) really check CRLs correctly? (Tue Sep 17 2002 - 10:50:04 CDT)
- RE: Do Browsers (IE) really check CRLs correctly? (Sat Sep 14 2002 - 10:43:12 CDT)
- RE: Do Browsers (IE) really check CRLs correctly? (Fri Sep 13 2002 - 15:15:38 CDT)
- RE: SQL Injections and JDBC (Wed Aug 07 2002 - 19:12:17 CDT)
Michael Sutton
- RE: Help finding a cookie generator (Tue Jul 02 2002 - 15:35:51 CDT)
Mikael Simonsson
- PHP Programming Guidelines [paper] (Tue Sep 10 2002 - 08:09:57 CDT)
Mike Shaw
- RE: Entrust vs. Verisign certs (Fri Aug 09 2002 - 12:17:31 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 14:47:52 CDT)
- Client IP - from client or server? (Wed Aug 07 2002 - 16:30:37 CDT)
moksha faced
- RE: SQL Injections and JDBC (Thu Aug 08 2002 - 18:06:18 CDT)
mushu999_at_NOSPAM.hotmail.com
- Re: Web Server Log Files - Security Events Analysis (Fri Jul 26 2002 - 23:52:13 CDT)
Nedunuri,Srinivas
- RE: A new approach toward teaching secure coding? (WWW or otherwi se) (Mon Sep 09 2002 - 14:43:58 CDT)
Nelson Sampaio Araujo Junior
- Re: Entrust vs. Verisign certs (Mon Aug 12 2002 - 12:35:11 CDT)
- Re: JSP (app security) (Tue Jul 09 2002 - 18:10:45 CDT)
Nick Jacobsen
- Re: Usefull tools for finding vulnerabilities in web-based progra ms? (Wed Sep 18 2002 - 23:54:32 CDT)
- Fw: Usefull tools for finding vulnerabilities in web-based programs? (Tue Sep 17 2002 - 20:00:33 CDT)
- Re: Two problems. (Thu Aug 15 2002 - 21:50:26 CDT)
Nick Lothian
- RE: SQL Injections and JDBC (Mon Aug 12 2002 - 00:40:16 CDT)
- RE: SQL Injections and JDBC (Wed Aug 07 2002 - 22:24:25 CDT)
Nik Cubrilovic
- RE: Warning: PHP 4.2 may put session ids in URLs (Tue Aug 27 2002 - 12:07:43 CDT)
- RE: Client IP - from client or server? (Mon Aug 12 2002 - 09:24:53 CDT)
- Re: HTTP & SSL Sessions (Thu Aug 08 2002 - 09:42:33 CDT)
- RE: JSP (app security) (Tue Jul 09 2002 - 12:48:34 CDT)
Ogle Ron (Rennes)
- RE: web authentication (Tue Sep 10 2002 - 11:22:36 CDT)
- RE: web authentication (Tue Sep 10 2002 - 08:34:31 CDT)
- RE: Warning: PHP 4.2 may put session ids in URLs (Mon Aug 26 2002 - 06:59:44 CDT)
Olaf Weyer
- Cross site sripting (Wed Jul 17 2002 - 10:38:30 CDT)
ONEILL David J
- Re: asymmetric crypto for storage of cc#s, and separation of responsibilities (Thu Aug 22 2002 - 16:28:30 CDT)
Panayiotis A. Thermos
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 16:38:40 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 16:25:54 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 13:13:13 CDT)
- Re: Client IP - from client or server? (Thu Aug 08 2002 - 09:33:40 CDT)
- Re: Cross site sripting (Wed Jul 17 2002 - 14:39:42 CDT)
Patrice Neff
- Re: Paper on Web Application Security (Sun Aug 04 2002 - 07:39:23 CDT)
- Paper on Web Application Security (Sun Jul 21 2002 - 16:01:11 CDT)
Patrick Johanneson
- RE: Two problems. (Wed Aug 14 2002 - 10:57:43 CDT)
Paul Matheu
- RE: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 16:00:19 CDT)
Peter Conrad
- Re: PHP header() CRLF Injection (Mon Sep 09 2002 - 02:47:38 CDT)
- Re: On sessions (rather long) (Tue Sep 03 2002 - 02:04:35 CDT)
- Re: SSL vulnerability in IE and KDE's Konqueror (Wed Aug 14 2002 - 02:22:28 CDT)
- Re: Coordinating SSL and session tracking layers to foil session hijacking (Fri Jul 26 2002 - 02:28:12 CDT)
- Re: Good Article about Java Security (Thu Jul 18 2002 - 04:56:09 CDT)
- Re: Mime Types and determining an uploaded file type (Thu Jul 04 2002 - 05:56:08 CDT)
Peter Petermann
- RE: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 17:34:56 CDT)
- RE: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 10:38:27 CDT)
- RE: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 05:21:48 CDT)
- RE: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 05:21:37 CDT)
- RE: Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 11:48:00 CDT)
Qubit
- Re: Two problems. (Wed Aug 14 2002 - 13:04:11 CDT)
Raghavendran H. (SSG) - CTD, Chennai.
- RE: Do Browsers (IE) really check CRLs correctly? (Sat Sep 14 2002 - 06:58:39 CDT)
- Do Browsers (IE) really check CRLs correctly? (Thu Sep 12 2002 - 23:59:06 CDT)
Ryan Barnett
- Apache Security Training - SANS Institute (Thu Aug 01 2002 - 10:52:41 CDT)
Ryan Fox
- RE: JSP (app security) (Tue Jul 09 2002 - 10:28:42 CDT)
Sacha Faust
- Metis 1.4.1 released (Thu Aug 29 2002 - 01:31:47 CDT)
- Metis 1.4 released (Fri Aug 23 2002 - 17:36:41 CDT)
Scott Mulcahy
- RE: JSP (app security) (Tue Jul 09 2002 - 09:42:12 CDT)
Sean Z.
- Re: Coordinating SSL and session tracking layers to foil session hijacking (Fri Jul 26 2002 - 20:01:43 CDT)
Security Architect
- Re: So whats in a good webappsec assesment tool ? (Sun Sep 29 2002 - 16:54:41 CDT)
- (no subject) (Sun Sep 29 2002 - 16:38:00 CDT)
- =?iso-8859-15?Q?=0D Warning : Security architecture can save your site !?= (Mon Sep 23 2002 - 22:57:39 CDT)
Shashank Rai
- RE: Usefull tools for finding vulnerabilities in web-based programs? (Wed Sep 18 2002 - 11:52:32 CDT)
Soriano, Raymond (US - Miami)
- RE: web authentication (Tue Sep 10 2002 - 09:14:01 CDT)
ssgill_at_starhub.net.sg
- Re: JSP (app security) (Wed Jul 10 2002 - 00:16:29 CDT)
stephen
- Re: XSS when a session ID is required (Wed Aug 21 2002 - 09:22:56 CDT)
- Re: XSS when a session ID is required (Wed Aug 21 2002 - 09:33:00 CDT)
- Re: XSS when a session ID is required (Wed Aug 21 2002 - 04:53:55 CDT)
- XSS when a session ID is required (Tue Aug 20 2002 - 04:00:47 CDT)
- Re: Cross Site Scripting Vulnerabilities - XSS (Tue Aug 06 2002 - 11:35:16 CDT)
Steve Mcilwain
- Re: Warning: PHP 4.2 may put session ids in URLs (Sun Aug 25 2002 - 20:19:55 CDT)
Steven Fling
- Best Practices for passing data via HTTP (Wed Jul 10 2002 - 13:36:05 CDT)
Steven J. Sobol
- Re: Warning: PHP 4.2 may put session ids in URLs (Wed Sep 04 2002 - 12:28:58 CDT)
- Re: Easy End to XSS (Mon Aug 12 2002 - 13:46:57 CDT)
- Re: Client IP - from client or server? (Mon Aug 12 2002 - 12:11:26 CDT)
- RE: Entrust vs. Verisign certs (Mon Aug 12 2002 - 12:15:01 CDT)
- Re: Easy End to XSS (Mon Aug 12 2002 - 12:06:46 CDT)
Stig Jorgensen
- RE: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Wed Aug 28 2002 - 10:17:00 CDT)
strange_at_nsk.yi.org
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 16:16:24 CDT)
sunzi
- Re: Interesting scan (Fri Aug 23 2002 - 16:50:00 CDT)
- Re: Q about PHP and ASP includes (Thu Aug 08 2002 - 09:40:32 CDT)
Sverre H. Huseby
- PenProxy - an extremely simple web pen-test proxy (Fri Sep 27 2002 - 07:17:59 CDT)
- Re: SIDs in URLs when using HTTPS ? (Fri Sep 20 2002 - 11:20:11 CDT)
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Mon Sep 09 2002 - 13:54:14 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Wed Sep 04 2002 - 16:41:09 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Tue Aug 27 2002 - 15:49:11 CDT)
- Re: A new approach toward teaching secure coding? (WWW or otherwise) (Tue Aug 27 2002 - 05:55:58 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Mon Aug 26 2002 - 03:48:12 CDT)
- Re: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Mon Aug 26 2002 - 11:43:25 CDT)
- Re: On sessions (rather long) (Mon Aug 26 2002 - 02:29:39 CDT)
- Re: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Mon Aug 26 2002 - 00:54:26 CDT)
- Re: Securing sessions [was: Warning: PHP 4.2 may put session ids in URLs] (Sun Aug 25 2002 - 17:38:11 CDT)
- On sessions (rather long) (Sun Aug 25 2002 - 09:42:18 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 05:37:21 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 05:31:06 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Sat Aug 24 2002 - 03:46:38 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 16:32:43 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 12:00:17 CDT)
- Re: Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 08:45:40 CDT)
- Warning: PHP 4.2 may put session ids in URLs (Fri Aug 23 2002 - 02:34:53 CDT)
- Mozilla and MSIE handle Referer over HTTPS differently (Thu Aug 22 2002 - 13:40:43 CDT)
- Re: Easy End to XSS (Wed Aug 14 2002 - 12:01:26 CDT)
Tom Emerson
- Re: Mime Types and determining an uploaded file type (Thu Jul 04 2002 - 07:48:51 CDT)
Tony Welsh
- RE: Credit Card Validation (Fri Aug 16 2002 - 13:00:54 CDT)
Ulf Harnhammar
- OWASP Guide improvements (Sat Sep 21 2002 - 18:12:32 CDT)
Ulf H{rnhammar
- Re: List of open source web apps/tools - auditing/pen test/etc (Fri Sep 27 2002 - 15:06:49 CDT)
Venkat, Sanjay
- RE: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 15:47:11 CDT)
Vince Hoffman
- RE: Usefull tools for finding vulnerabilities in web-based progra ms? (Wed Sep 18 2002 - 08:21:30 CDT)
Vitaly Osipov
- Re: Help finding a cookie generator (Wed Jul 03 2002 - 15:19:25 CDT)
- Re: Help finding a cookie generator (Tue Jul 02 2002 - 15:12:13 CDT)
Vitor Ventura
- RE: SQL Injections and JDBC (Wed Aug 28 2002 - 08:27:52 CDT)
- RE: Client IP - from client or server? (Mon Aug 12 2002 - 06:27:48 CDT)
- RE: Help finding a cookie generator (Wed Jul 03 2002 - 03:59:38 CDT)
Wall, Kevin
- RE: Do Browsers (IE) really check CRLs correctly? (Fri Sep 13 2002 - 12:35:07 CDT)
- RE: JSP (app security) (Tue Jul 09 2002 - 14:48:52 CDT)
Wang, Jack
- RE: web authentication (Tue Sep 10 2002 - 09:45:13 CDT)
- RE: web authentication (Tue Sep 10 2002 - 09:23:45 CDT)
- web authentication (Tue Sep 10 2002 - 08:29:40 CDT)
webappsec-help_at_securityfocus.com
- ezmlm probe (Sat Aug 03 2002 - 11:53:59 CDT)
- ezmlm warning (Mon Jul 22 2002 - 15:34:58 CDT)
Wm. G. Urquhart
- Re: Two problems. (Wed Aug 14 2002 - 10:50:13 CDT)
Woodworth, Lora
- Entrust vs. Verisign certs (Thu Aug 08 2002 - 13:21:39 CDT)
zeno
- Book Review "Web hacking: attacks and defense" (Sun Sep 29 2002 - 21:13:33 CDT)
- Re: Encryption approach to secure web applications (Sat Aug 24 2002 - 14:00:29 CDT)
- Re: Interesting scan (Sat Aug 24 2002 - 13:01:10 CDT)
- Interesting scan (Fri Aug 23 2002 - 12:14:38 CDT)
- risks of # and & (XSS) (Thu Jul 18 2002 - 17:53:11 CDT)
- Re: Best Practices for passing data via HTTP (Wed Jul 10 2002 - 14:04:36 CDT)
zod
- Using SPIKE (Fri Sep 27 2002 - 06:56:57 CDT)

Last message date: Mon Sep 30 2002 - 09:26:58 CDT
Archived on: Mon Sep 30 2002 - 09:26:59 CDT

413 messages sorted by: [ date ] [ thread ] [ subject ]