security.web-applications (thread)

SAS 70 and software policies, James Strassburg
Administrivia: At Ruxcon this weekend, Andrew van der Stock
REPOST: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, Amit Klein (AKsecurity)
Must we authenticate login forms (using SSL?)?, Amir Herzberg
- Re: Must we authenticate login forms (using SSL?)?, info
  - Re: Must we authenticate login forms (using SSL?)?, Antoine Martin
    - RE: Must we authenticate login forms (using SSL?)?, Nathaniel S. H. Brown
    - Re: Must we authenticate login forms (using SSL?)?, Peter Conrad
    - RE: Must we authenticate login forms (using SSL?)?, Nathaniel S. H. Brown
    - Re: Must we authenticate login forms (using SSL?)?, Rogan Dawes
    - Re: Must we authenticate login forms (using SSL?)?, Antoine Martin
    - Re: Must we authenticate login forms (using SSL?)?, Eoin Keary
- Re: Must we authenticate login forms (using SSL?)?, mike03051
Use JCap library to read network traffic, yuthikasgp
Re: webappsec Digest 21 Sep 2005 21:26:31 -0000 Issue 636, Amir Herzberg
Almost Here!!: 2nd US OWASP AppSec Conference - Oct 11-12 - Near DC, Dave Wichers
PacSec05, Dragos Ruiu
Ajax Security discussion for the OWASP Guide, Andrew van der Stock
- Re: Ajax Security discussion for the OWASP Guide, Serg Belokamen
- RE: Ajax Security discussion for the OWASP Guide, Luke Fraser
- Re: Ajax Security discussion for the OWASP Guide, noname
  - Re: Ajax Security discussion for the OWASP Guide, Andre Ludwig
  - Re: Ajax Security discussion for the OWASP Guide, John Manko
    - Re: Ajax Security discussion for the OWASP Guide, focus
HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon), Amit Klein (AKsecurity)
Chroot jails, Steve.Cummings
- Re: Chroot jails, JamesHorwath
- Re: Chroot jails, Antoine Martin
  - Re: Chroot jails, Ingo Struck
    - Re: Chroot jails, Antoine Martin
- Re: Chroot jails, Mamading Ceesay
- Re: Chroot jails, xyberpix
- Re: Chroot jails, Paul Wong
- RE: Chroot jails, Craig Wright
- RE: Chroot jails, Wall, Kevin
Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Amir Herzberg
HTML/Java Protection, confusionvalley
- Re: HTML/Java Protection, Peter Conrad
  - Re: HTML/Java Protection, Roshen Chandran
- Re: HTML/Java Protection, Mark Quinn
- Re: HTML/Java Protection, Antoine Martin
  - Re: HTML/Java Protection, Yousef Syed
Defending users of unprotected login pages with TrustBar 0.4.9.93, Amir Herzberg
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051
  - Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Nathan Jackson-Eeles
- Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, J. Lambrecht
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051
  - Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, Peter Conrad
- Re: Re: Defending users of unprotected login pages with TrustBar 0.4.9.93, mike03051
RUXCON 2005 Update, RUXCON Call for Papers
Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, jimz
- Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, Paul Laudanski
  - Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, jimz
Core Application's for Banks, Lila Buchalski
- Re: Core Application's for Banks, Andrew van der Stock
Federated Authentication (without SAML), Gary Gwin
- Re: Federated Authentication (without SAML), Scovetta Labs
- Re: Federated Authentication (without SAML), Mamading Ceesay
Web Application Security Analyzer for PHP-Nuke/phpBB CMS, Paul Laudanski
Research paper on WSE Policy Advisor, Andy Gordon
OWASP NYC Chapter Meeting - Sept 28th, peter . stern
- Re: OWASP NYC Chapter Meeting - Sept 28th, bugtraq
- RE: OWASP NYC Chapter Meeting - Sept 28th, Stan Guzik
- Fwd: OWASP NYC Chapter Meeting - Sept 28th, Andrew van der Stock
Online quiz for CISSP (new material), Saqib Ali
- Re: Online quiz for CISSP (new material), Saqib Ali
- Re: Re: Online quiz for CISSP (new material), conner911
NTLM and man-in-the-middle proxies not working, raymond_b_jimenez
- Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
- Re: NTLM and man-in-the-middle proxies not working, raymond_b_jimenez
  - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
    - Re: NTLM and man-in-the-middle proxies not working, Eoin Keary
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
    - Re: NTLM and man-in-the-middle proxies not working, Michael Eddington
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
    - Re: NTLM and man-in-the-middle proxies not working, lists
    - Re: NTLM and man-in-the-middle proxies not working, Amit Klein (AKsecurity)
- RE: NTLM and man-in-the-middle proxies not working, raymond_b_jimenez
- Re: NTLM and man-in-the-middle proxies not working, raymond_b_jimenez
  - RE: NTLM and man-in-the-middle proxies not working, Ofer Maor
    - Re: NTLM and man-in-the-middle proxies not working, AG
simplicity improves security?, Saqib Ali
- RE: simplicity improves security?, Simon Zuckerbraun
- Re: simplicity improves security?, Robert Hajime Lanning
Is netcraft publishing URL of your intranet sites?, Saqib Ali
- Re: Is netcraft publishing URL of your intranet sites?, Darren Bounds
  - Re: Is netcraft publishing URL of your intranet sites?, Saqib Ali
    - Re: Is netcraft publishing URL of your intranet sites?, Darren Bounds
    - Re: Is netcraft publishing URL of your intranet sites?, Saqib Ali
    - Re: Is netcraft publishing URL of your intranet sites?, Darren Bounds
- Re: Is netcraft publishing URL of your intranet sites?, Saqib Ali
web application testing framework, Serg Belokamen
- Re: web application testing framework, Patrick Debois
- Re: web application testing framework, Stephen de Vries
- RE: web application testing framework, Dan Cornell
security of _notes dirs, Mailing List
- RE: security of _notes dirs, Griffiths, Ian
- RE: security of _notes dirs, michael acadia
  - RE: security of _notes dirs, Mailing List
    - Re: security of _notes dirs, Michael Acadia
    - Re: security of _notes dirs, Mailing List
    - Re: security of _notes dirs, Greg
    - Re: security of _notes dirs, Peter Conrad
    - Re: security of _notes dirs, Mailing List
Obfuscating IIS 6.0, Bénoni MARTIN
- Re: Obfuscating IIS 6.0, Ademar Gonzalez
Security Issues with Workflow apps, Saqib Ali
- Re: Security Issues with Workflow apps, Anthony Chan
- Re: Security Issues with Workflow apps, Saqib Ali
- Re: Security Issues with Workflow apps, Anthony Chan
Re: BBCode [IMG] [/IMG] Tag Vulnerability, Paul Laudanski
Security Issues with Foxpro 6, nitin patel
ANN: WebGoat 3.7 - Application Security hands-on learning environment, Jeff Williams
ASP.NET Forms Based Auth Whitepaper, Mark Curphey
Early Registration Ending Soon: 2nd US OWASP AppSec Conference - Oct 11-12 - Near DC, Dave Wichers
Re: Code Signing ???, Saqib Ali
- Re: Code Signing ???, Olaf Reitmaier Veracierta
  - Re: Code Signing ???, Saqib Ali
Ajax security reference, Luke Fraser
- Re: Ajax security reference, Serg Belokamen
  - Re: Ajax security reference, John Manko
    - Re: Ajax security reference, Serg Belokamen
    - Re: Ajax security reference, John Manko
    - Re: Ajax security reference, bugtraq
- Re: Ajax security reference, Jean-Jacques Halans
  - Re: Ajax security reference, Eoin Keary
- RE: Ajax security reference, Balaji
- RE: Ajax security reference, Damhuis Anton
Oracle TNS listener, Chitresh Sen
- Re: Oracle TNS listener, Achim Hoffmann
- Re: Oracle TNS listener, Esteban Martinez Fayo
Re: Combatting automated download of dynamic websites?, Achim Hoffmann
- Re: Combatting automated download of dynamic websites?, Eoin Keary
  - Re: Combatting automated download of dynamic websites?, Javier Fernandez-Sanguino
- Fwd: Combatting automated download of dynamic websites?, Mark Quinn
- Re: Combatting automated download of dynamic websites?, Paul M.
  - Re: Combatting automated download of dynamic websites?, Eoin Keary
Re: Defeating CAPTCHA, Christopher Kunz
- Re: Defeating CAPTCHA, Devdas Bhagat
- RE: Defeating CAPTCHA, Derick Anderson