security.websecurity (thread)

Stanford Emerging Threats and Defenses Symposium, Neil Daswani
ICANN Approves new top-level domains, robert
- Re: ICANN Approves new top-level domains, romain
- Re: ICANN Approves new top-level domains, kuza55
OWASP 2008 USA, NYC, Tom Brennan
Security testing, Syed Kabeer Ahmed
- RE: Security testing, Spires, Bucky
  - Re: Security testing, Bil Corry
Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
- RE: Announcing Scrawlr: SQL Injector and Crawler, Michael S. Menefee
  - Re: Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - RE: Announcing Scrawlr: SQL Injector and Crawler, Bryan Sullivan
    - RE: Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
    - RE: Announcing Scrawlr: SQL Injector and Crawler, Michael S. Menefee
    - Re: Announcing Scrawlr: SQL Injector and Crawler, Rafal @ IsHackingYou
    - Re: Announcing Scrawlr: SQL Injector and Crawler, Rafal @ IsHackingYou
    - RE: Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
    - Re: Announcing Scrawlr: SQL Injector and Crawler, kuza55
    - Re: Announcing Scrawlr: SQL Injector and Crawler, Oliver Lavery
    - Re: Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - RE: Announcing Scrawlr: SQL Injector and Crawler, Mark Roxberry
    - Re: Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - Re: Announcing Scrawlr: SQL Injector and Crawler, romain
    - Re: Announcing Scrawlr: SQL Injector and Crawler, Zinho
    - Re: Announcing Scrawlr: SQL Injector and Crawler, Zinho
  - Re: Announcing Scrawlr: SQL Injector and Crawler, Curt Wilson
- Re: Announcing Scrawlr: SQL Injector and Crawler, Sven Vetsch / Disenchant
  - RE: Announcing Scrawlr: SQL Injector and Crawler, Hoffman, Billy
    - RE: Announcing Scrawlr: SQL Injector and Crawler, Chris Eng
  - Re: Announcing Scrawlr: SQL Injector and Crawler, Paul Schmehl
Troll post to the WASC list using my name, Arian J. Evans
Re: Hashing and entropy, Oliver Lavery
- Re: Hashing and entropy, Bil Corry
- RE: Hashing and entropy, Martin O'Neal
- Re: Hashing and entropy, Nathanael Hoyle
  - Re: Hashing and entropy, Amit Klein
- Re: Hashing and entropy, Michel Arboi
  - RE: Hashing and entropy, Lavery, Oliver
- RE: Hashing and entropy, Glenn.Everhart
  - RE: Hashing and entropy, Lavery, Oliver
    - RE: Hashing and entropy, Martin O'Neal
    - Re: Hashing and entropy, Nathanael Hoyle
    - RE: Hashing and entropy, Lavery, Oliver
    - RE: Hashing and entropy, Lavery, Oliver
Save the date- Breach Security, OWASP & WASC Cocktail party at BlackHat 08, Heather Cason
The Extended HTML Form attack revisited, Sandro Gauci
- RE: The Extended HTML Form attack revisited, Michael S. Menefee
  - Re: The Extended HTML Form attack revisited, Sandro Gauci
- Re: The Extended HTML Form attack revisited, kuza55
  - Re: The Extended HTML Form attack revisited, Sandro Gauci
JavaScript Code Flow Manipulation & Adobe Flex 3 DOM-based XSS Vulnerability, Ory Segal
[Fwd: Re: username & pw in clear-text through SSL considered safe?], Michele Orru'
username & pw in clear-text through SSL considered safe?, wilke rodriquez
- Re: username & pw in clear-text through SSL considered safe?, Christian Frichot
- Re: username & pw in clear-text through SSL considered safe?, Michele Orru'
  - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
  - Re: username & pw in clear-text through SSL considered safe?, Michele Orru'
    - Re: username & pw in clear-text through SSL considered safe?, Michele Orru'
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
  - Re: username & pw in clear-text through SSL considered safe?, Josh Amishav-Zlatin
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
- Re: username & pw in clear-text through SSL considered safe?, Bil Corry
  - Re: username & pw in clear-text through SSL considered safe?, Licky Lindsay
    - Re: username & pw in clear-text through SSL considered safe?, Dinis Cruz
    - Re: username & pw in clear-text through SSL considered safe?, James Landis
    - Re: username & pw in clear-text through SSL considered safe?, Bil Corry
    - Re: username & pw in clear-text through SSL considered safe?, Mike Fratto
    - Re: username & pw in clear-text through SSL considered safe?, Bil Corry
    - Re: username & pw in clear-text through SSL considered safe?, Paul Schmehl
    - Re: username & pw in clear-text through SSL considered safe?, Mike Fratto
  - Re: username & pw in clear-text through SSL considered safe?, Mike Fratto
- Re: username & pw in clear-text through SSL considered safe?, Mike Fratto
- Re: username & pw in clear-text through SSL considered safe?, Rohit Lists
  - Re: username & pw in clear-text through SSL considered safe?, Rohit Lists
  - RE: username & pw in clear-text through SSL considered safe?, wilke rodriquez
    - Re: username & pw in clear-text through SSL considered safe?, Chris Varenhorst
    - Re: username & pw in clear-text through SSL considered safe?, Christian Frichot
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - Re: username & pw in clear-text through SSL considered safe?, Nathanael Hoyle
    - Re: username & pw in clear-text through SSL considered safe?, Oliver Lavery
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: username & pw in clear-text through SSL considered safe?, James Landis
    - Re: username & pw in clear-text through SSL considered safe?, Albert Lunde
    - RE: username & pw in clear-text through SSL considered safe?, Alex Stamos
    - Re: username & pw in clear-text through SSL considered safe?, Oliver Lavery
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: username & pw in clear-text through SSL considered safe?, Ivan Ristic
    - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
    - Re: username & pw in clear-text through SSL considered safe?, Rafal @ IsHackingYou.com
    - Re: username & pw in clear-text through SSL considered safe?, Arian J. Evans
- Re: username & pw in clear-text through SSL considered safe?, jfvanmeter
  - Re: username & pw in clear-text through SSL considered safe?, James Landis
    - Re: username & pw in clear-text through SSL considered safe?, James Landis
  - Re: username & pw in clear-text through SSL considered safe?, Michele Orru'
  - Re: username & pw in clear-text through SSL considered safe?, Mike Fratto
    - Re: username & pw in clear-text through SSL considered safe?, Paul Schmehl
    - Re: username & pw in clear-text through SSL considered safe?, Licky Lindsay
  - RE: username & pw in clear-text through SSL considered safe?, Smolsky, Shawn J
  - RE: username & pw in clear-text through SSL considered safe?, Martin O'Neal
- RE: username & pw in clear-text through SSL considered safe?, Tom Stripling
- Re: username & pw in clear-text through SSL considered safe?, jfvanmeter
- Re: username & pw in clear-text through SSL considered safe?, Lavery, Oliver
- Re: username & pw in clear-text through SSL considered safe?, Oliver Lavery
  - RE: username & pw in clear-text through SSL considered safe?, Alex Stamos
    - Re: username & pw in clear-text through SSL considered safe?, James Landis
    - Re: username & pw in clear-text through SSL considered safe?, Arian J. Evans
    - Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Lavery, Oliver
    - Re: Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Evan Arians
    - Re: Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Arian J. Evans
    - Re[2]: Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Thierry Zoller
    - Re: Re[2]: Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Rohit Lists
    - RE: Re[2]: Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Dave Sanford
    - Re: Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), ascii
    - RE: Hashing and entropy (was RE: [WEB SECURITY] username & pw in clear-text through SSL considered safe?), Martin O'Neal
    - Javascript Malware, Mailvaganam, Hari
    - Re: Javascript Malware, Bil Corry
    - RE: Javascript Malware, Bemis,Brian M
LifeCycleSecurity Conference 2008 - Call for Presentations, Dennis Hurst
ASP.NET 3.5 Request Validation, Michael S. Menefee
- RE: ASP.NET 3.5 Request Validation, Eric Rachner
  - RE: ASP.NET 3.5 Request Validation, Michael S. Menefee
    - RE: ASP.NET 3.5 Request Validation, Mark Roxberry
ModSecurity Session Fixation rules, Michele Orru'
- Re: ModSecurity Session Fixation rules, Ryan Barnett
HTTP cache poisoning via Host header injection, Carlos
- Re: HTTP cache poisoning via Host header injection, Amit Klein
  - RE: HTTP cache poisoning via Host header injection, Michael S. Menefee
  - RE: HTTP cache poisoning via Host header injection, Michael S. Menefee
    - Re: HTTP cache poisoning via Host header injection, Amit Klein
    - Re: HTTP cache poisoning via Host header injection, Amit Klein
    - Re: HTTP cache poisoning via Host header injection, Bil Corry
    - Re: HTTP cache poisoning via Host header injection, Ivan Ristic
    - Re: HTTP cache poisoning via Host header injection, Bil Corry
Certification CEH, CPT or SANS GIAC GPEN, Katie Riley
- RE: Certification CEH, CPT or SANS GIAC GPEN, Jenkinson, John P (SAIC)
  - Re: Certification CEH, CPT or SANS GIAC GPEN, Shyaam
    - RE: Certification CEH, CPT or SANS GIAC GPEN, Mark Roxberry
    - RE: Certification CEH, CPT or SANS GIAC GPEN, Jenkinson, John P (SAIC)
Vulnerability Disclosure in University, Michele Orru'
- RE: Vulnerability Disclosure in University, steve jensen
  - Re: Vulnerability Disclosure in University, Michele Orru'
XSS Script, Feroz Salman
- Re: XSS Script, Mike Duncan
- Re: XSS Script, Glafkos - InfoSEC \(Information Security Uncensored\)
http header or javascript, application.secure application.secure
- Re: http header or javascript, Marcin Wielgoszewski
  - Re: http header or javascript, Marcin Wielgoszewski
  - RE: http header or javascript, Martin O'Neal
  - RE: http header or javascript, Johnson, Eric
CSRF Help, GsNaseer Gs
- Re: CSRF Help, Bipin Upadhyay
- Re: CSRF Help, bugtraq
- Re: CSRF Help, Neil Daswani
- Re: CSRF Help, Zinho
- Re: CSRF Help, Arian J. Evans
  - Re: CSRF Help, Rimantas Liubertas
XSS Help, GsNaseer Gs
- Re: XSS Help, romain
- Re: XSS Help, Mike Duncan
- Re: XSS Help, Ryan Barnett
  - RE: XSS Help, Hoffman, Billy
HTTP Verb Tampering for Dummies, Arian J. Evans
- RE: HTTP Verb Tampering for Dummies, Arshan Dabirsiaghi
  - Re: HTTP Verb Tampering for Dummies, Adam Muntner
    - RE: HTTP Verb Tampering for Dummies, Arshan Dabirsiaghi
    - Re: HTTP Verb Tampering for Dummies, Arian J. Evans
    - Re: HTTP Verb Tampering for Dummies, Jeff Robertson
    - Re: HTTP Verb Tampering for Dummies, Oliver Lavery
    - Re: HTTP Verb Tampering for Dummies, Jeff Robertson
    - Re: HTTP Verb Tampering for Dummies, Jeff Robertson
AccessMe Tool Now Available, Oliver Lavery
- Re: AccessMe Tool Now Available, Andre Gironda
question about anti-xss applicability of PHP's htmlentities(), Eric Stein
- Re: question about anti-xss applicability of PHP's htmlentities(), Marcin Wielgoszewski
Knowing what's plugged-in?, Jon Kibler
- Re: Knowing what's plugged-in?, Bil Corry
Testing Microsoft Smart Clients [may be OT], Prasad Shenoy
quick question on password reset 'best practices', Joe White
- RE: quick question on password reset 'best practices', White, Dain P
- Re: quick question on password reset 'best practices', Rafal @ IsHackingYou
- Re: quick question on password reset 'best practices', Stephen de Vries
- Re: quick question on password reset 'best practices', James Landis
- Re: quick question on password reset 'best practices', Jeremiah Grossman
  - RE: quick question on password reset 'best practices', White, Dain P
    - Re: quick question on password reset 'best practices', Jeremiah Grossman
    - Re: quick question on password reset 'best practices', bugtraq
    - Re: quick question on password reset 'best practices', Sebastian Schinzel
    - Re: quick question on password reset 'best practices', Jeremiah Grossman
    - RE: quick question on password reset 'best practices', Martin O'Neal
    - Re: quick question on password reset 'best practices', Jeremiah Grossman
    - RE: quick question on password reset 'best practices', Martin O'Neal
    - Re: quick question on password reset 'best practices', Marcin Wielgoszewski
    - Re: quick question on password reset 'best practices', Sebastian Schinzel
    - Re: quick question on password reset 'best practices', Pete Herzog
    - Re: quick question on password reset 'best practices', Stephen de Vries
    - Re: quick question on password reset 'best practices', Jeremiah Grossman
  - Re: quick question on password reset 'best practices', Rafal @ IsHackingYou.com
- Re: quick question on password reset 'best practices', Colin Watson
  - Re: quick question on password reset 'best practices', Pete Herzog
- Re: quick question on password reset 'best practices', Colin Watson
  - Re: quick question on password reset 'best practices', Arian J. Evans
Re: Question about escaping strings in javascript, Evert | Collab
- Re: Question about escaping strings in javascript, Enric Junqué de Fortuny
- RE: Question about escaping strings in javascript, Chris Weber \(Casaba Security\)
- Re: Question about escaping strings in javascript, Arian J. Evans
  - Re: Question about escaping strings in javascript, Evert | Collab