[WEB SECURITY] best tool for web app scanning / pen testing (Phil Gmail)

Dave Cline dcline at proofpoint.com
Wed Mar 6 15:34:48 EST 2013


W.R.T. commercial tools: I've been quite happy with NTO Spider.

http://www.ntobjectives.com/security-software/ntospider-application-security-scanner/

________________________________________
From: websecurity [websecurity-bounces at lists.webappsec.org] on behalf of websecurity-request at lists.webappsec.org [websecurity-request at lists.webappsec.org]
Sent: Wednesday, March 06, 2013 11:10 AM
To: websecurity at lists.webappsec.org
Subject: websecurity Digest, Vol 27, Issue 7


Today's Topics:

   1.  Unauthorized Access: Bypassing PHP strcmp() (Danux)
   2. Re:  best tool for web app scanning / pen testing (Phil Gmail)
   3. Re:  best tool for web app scanning / pen testing (Daniel Herrera)
   4. Re:  best tool for web app scanning / pen testing (Daniel Herrera)


----------------------------------------------------------------------

Message: 1
Date: Sun, 3 Mar 2013 03:43:28 -0800
From: Danux <danuxx at gmail.com>
To: web security <websecurity at webappsec.org>
Subject: [WEB SECURITY] Unauthorized Access: Bypassing PHP strcmp()
Message-ID:
        <CAL7A2DwqggpV_SkTkenPmZr=vNcTgj9SA0OSQ-KW7eNi+0N2=Q at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hope you enjoy it.

https://urldefense.proofpoint.com/v1/url?u=http://danuxx.blogspot.com/2013/03/unauthorized-access-bypassing-php-strcmp.html&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=244016db5201c7aea94a543e7724e256228ace3ffbc28f23b4a0d65313c4dd1d

--
DanUx

------------------------------

Message: 2
Date: Tue, 5 Mar 2013 18:46:05 -0800
From: Phil Gmail <phil at safewalls.net>
To: Zippy Zeppoli <zippyzeppoli at gmail.com>
Cc: "websecurity at lists.webappsec.org"
        <websecurity at lists.webappsec.org>
Subject: Re: [WEB SECURITY] best tool for web app scanning / pen
        testing
Message-ID: <7E1B890F-352D-41F1-9B0B-D34E05221F3D at safewalls.net>
Content-Type: text/plain;       charset=us-ascii

I'd recommend Burp Pro, but it is not an automated tool. www.burpsuite.com

Phil
Sent from iPhone
Twitter: @sec_prof

On Mar 5, 2013, at 17:53, Zippy Zeppoli <zippyzeppoli at gmail.com> wrote:

> Hello,
> I am looking for a solution to do web application vulnerability
> scanning / testing.
> IBM's Rational AppScan seems like a good solution, and I've used it in the past.
> The only problem seems to be the IBM part. I'm trying to engage them
> for a trial license that doesn't only scan some useless WebGoat, and
> test it on my own app.
>
> I'm getting kind of dismayed with the responsiveness, so I'm wondering
> if there are better *commercial* solutions out there which are ready
> to go out of the box.
> I'd love to use open source tools, but I don't have the time to do the
> engineering part since I'm overburdened.
>
> Thanks for your tips.
>
> Z
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> https://urldefense.proofpoint.com/v1/url?u=http://www.webappsec.org/rss/websecurity.rss&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=dd6027a3de0c6301f5f23054f3231a8f9d4e834aecec690283858c1af80a564f
>
> Join WASC on LinkedIn https://urldefense.proofpoint.com/v1/url?u=http://www.linkedin.com/e/gis/83336/4B20E4374DBA&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=87e9d20ba6c3dbe7dc8bbdd2928f2fd364b8236191bb33a0a4a26b28edb30860
>
> WASC on Twitter
> https://urldefense.proofpoint.com/v1/url?u=http://twitter.com/wascupdates&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=b2cbc62f16eb56707177f4b255c79ffed8b33f57f6de62c78161c9b47fcad4c8
>
> websecurity at lists.webappsec.org
> https://urldefense.proofpoint.com/v1/url?u=http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=4aa4fa2605df01e8fd6bd37b5bd91193b41c853a3cbe63ddaa2c43655d51d860



------------------------------

Message: 3
Date: Wed, 6 Mar 2013 11:06:42 -0800 (PST)
From: Daniel Herrera <daherrera101 at yahoo.com>
To: Zippy Zeppoli <zippyzeppoli at gmail.com>, Phil Gmail
        <phil at safewalls.net>
Cc: "websecurity at lists.webappsec.org"
        <websecurity at lists.webappsec.org>
Subject: Re: [WEB SECURITY] best tool for web app scanning / pen
        testing
Message-ID:
        <1362596802.11569.YahooMailClassic at web160201.mail.bf1.yahoo.com>
Content-Type: text/plain; charset="us-ascii"

Sooo... web application scanners that provide trial licenses with limiters like target domains can be circumvented by statically resolving their target domain to an IP of your choosing on the environment that you are running that application from. Note that your target application must accept arbitrary "Host" header entries.

Some interesting options to look into would be:

Netsparker
https://urldefense.proofpoint.com/v1/url?u=http://www.mavitunasecurity.com/netsparker/&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=3740b0200ae5e7e662de49d2297ee1d4599caaf93709db7b25e3a3839c9c8225

Websecurify
https://urldefense.proofpoint.com/v1/url?u=http://www.websecurify.com/suite&k=35L3AlEzDkxJZJYRnSa8lg%3D%3D%0A&r=pSwojCEaj1otlJcBRkOwFQ%2FCmK1q3cMCZ0Cja%2BE2uCE%3D%0A&m=q%2B%2FXXFAjSj17cvZlZZJ%2FBQQ58JQeg8N71rgYZKC%2BFaE%3D%0A&s=6f4b03b9b93dbf98cd937662497d2f1a9ef0cba0bd5fa9f475ae6b054a952868

Personally I don't put much faith in automated assessment utilities both open and closed source. There are a lot of common flaws and pitfalls that can negatively impact a scan and the quality of its output.

I always recommend that people move past the tools and dig into the concepts themselves, unlike network interrogation which in my opinion has a far more finite set of test cases, application interrogation is very complex and difficult to do generically well across the myriad of implementations people come up with daily... literally. All that said, many of the paid solutions have been working on the problem for a while and they set a decent bar, hybrid solutions like Whitehat that provide managed scanning tend to perform better than their unmanaged counterparts in my opinion.

/morning ramble

I didn't see your original question to the list, so this is the best answer I could provide within the context of what I saw.


D




------------------------------

Message: 4
Date: Wed, 6 Mar 2013 11:10:36 -0800 (PST)
From: Daniel Herrera <daherrera101 at yahoo.com>
To: Zippy Zeppoli <zippyzeppoli at gmail.com>, Phil Gmail
        <phil at safewalls.net>
Cc: "websecurity at lists.webappsec.org"
        <websecurity at lists.webappsec.org>
Subject: Re: [WEB SECURITY] best tool for web app scanning / pen
        testing
Message-ID:
        <1362597036.21770.YahooMailClassic at web160205.mail.bf1.yahoo.com>
Content-Type: text/plain; charset="us-ascii"

"Web application scanners that provide trial licenses with limiters like
target domains can be circumvented by statically resolving their target
domain to an IP of your choosing on the environment that you are running
the scanner from."

