[WEB SECURITY] (RESULTS) collecting real world web hacking url's

Ofer Shezaf Ofer.Shezaf at breach.com
Wed Jun 1 04:37:05 EDT 2005


I think that you may find this story (from Japan) also interesting:

"Web sites get costly lesson in security"
http://www.asahi.com/english/Herald-asahi/TKY200505180108.html

"Hacker attacked weak point on Kakaku.com's Web site"
http://www.asahi.com/english/Herald-asahi/TKY200505250185.html


It is a good case as it both indicates specifically the use of SQL
injection and also puts a price tag to the breach.

~ Ofer

Ofer Shezaf
CTO, Breach Security
Phone (US): +1 (760) 268.1924 ext. 702
Phone (Israel): +972 (9) 956.0036 ext.212
Cell: +972 (54) 443.1119
ofers at breach.com
http://www.breach.com


> -----Original Message-----
> From: Jeremiah Grossman [mailto:jeremiah at whitehatsec.com]
> Sent: Friday, May 27, 2005 9:01 PM
> To: websecurity at webappsec.org
> Subject: Re: [WEB SECURITY] (RESULTS) collecting real world web
hacking
> url's
> 
> A few more web hacking links have been added. Plus, we also created a
> permanent page on the WASC site under the "useful documents" section
of
> the library. http://www.webappsec.org/web_security_documents.shtml
> 
> Here is the direct link:
> http://www.webappsec.org/documents/real_world_web_hacking.shtml
> 
> 
> Jeremiah-
> 
> 
> On Wednesday, May 25, 2005, at 09:23  AM, Jeremiah Grossman wrote:
> 
> > Thank you everyone who helped out, the turn around time was speedy.
> >
> > Below is the compiled list of links where the article described a
web
> > application security hack of a real-world website. As Jay Dyson
eluded
> > to, the details are sketchy at best, so I did my best to
sanity-check
> > and organize them accordingly (there are likely inaccuracies). The
> > links are separated into two groups, "Disclosure" and
> > "Incident/Compromise", and also organized by date
(oldest-to-newest).
> 
> 
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list