jetlib.sec » Tags » owasp

Feeds

133444 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

41 items tagged "owasp"

Related tags: web [+], appsec [+], web application developers [+], source [+], security [+], penetration testers [+], open source tools [+], mantra [+], beta [+], web application security [+], magazine [+], issue [+], clubhack [+], call [+], call for papers [+], slides [+], presentation slides [+], modeling [+], crawler [+], xss [+], washington dc [+], washington [+], walter e. washington [+], vulnerabilities [+], trustwave [+], threat [+], security report [+], papers [+], new delhi [+], mobile warfare [+], minnesota [+], minneapolis minnesota [+], minneapolis [+], india [+], hotel crowne plaza [+], global security [+], global [+], ghosts [+], future [+], echo mirage [+], don [+], delhi ncr [+], cloud [+], bugtraq [+], behavioral [+], application [+], zed attack [+], zap [+], weeks [+], web applications [+], video slides [+], video [+], tomcat [+], testing tool [+], testing [+], technology advancements [+], talk [+], security vulnerability [+], security leaders [+], security conference [+], security challenges [+], research [+], read [+], proxy [+], pre conference [+], portal [+], penetration [+], online [+], nbsp [+], hacking [+], greece [+], darknet [+], conference challenge [+], competition [+], challenge 3 [+], bsides [+], atlanta [+], athens greece [+], athens [+], amp [+], american web [+], american [+], academy [+], Tools [+], Pentesting [+], usa [+]

• May 11, 2012
• 8:43

  OWASP Mantra - Lexicon 0.91 Beta

   » ‎ Packet Storm Security Recent Files
  OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.

  Tags:  web mantra source beta owasp web-application-developers open-source-tools penetration-testers  

• April 30, 2012
• 9:00

  Bugtraq: OWASP 2012 Online Competition with Hacking-Lab

   » ‎ SecurityFocus Vulnerabilities
  OWASP 2012 Online Competition with Hacking-Lab

  Tags:  competition online owasp  

• April 27, 2012
• 5:30

  From LOW to PWNED [3] JBoss/Tomcat server-status

   » ‎ Carnal0wnage
  
  Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta.
  
  The slides were published here and the video from hashdays is here, no video for BSides ATL.
  
  I consistently violate presentation zen and I try to make my slides usable after the talk but I decided to do a few blog posts covering the topics I put in the talk anyway.
  
  Post [3] JBoss/Tomcat server-status
  
  There have been some posts/exploits/modules on hitting up unprotected jboss and tomcat servers.
  
  http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
  http://carnal0wnage.attackresearch.com/2009/11/hacking-unprotected-jboss-jmx-console.html
  http://www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
  http://goohackle.com/jboss-security-vulnerability-jmx-management-console/
  
  http://www.metasploit.com/modules/exploit/multi/http/jboss_maindeployer
  http://www.metasploit.com/modules/exploit/multi/http/tomcat_mgr_deploy
  
  Sometimes even though the deployer functionality is password protected the sever-status may not be.
  
  /web-console/status?full=true
  
  
  
  /manager/status/all
  
  
  
  LOW?
  
  This can be useful to find:
  
  
  

  • Lists of applications
  • Recent URL's accessed
  • sometimes with sessionids 
  • Find hidden services/apps
  • Enabled servlets
  • owned stuff :-)

  Finding 0wned stuff is always fun let's see
  Looking at the list of applications list one that doesnt look normal (zecmd)
  Following that down leads us to zecmd.jsp that is a jsp shell
  
  If you are interested in zecmd.jsp and jboss worm it comes from -->  this is a good write up as well as this OWASP preso https://www.owasp.org/images/a/a9/OWASP3011_Luca.pdf
  thoughts?
  -CG
  
  

  Tags:  talk nbsp tomcat atlanta owasp security-vulnerability bsides Pentesting  

• April 09, 2012
• 10:07

  Bugtraq: OWASP ZAP 1.4.0 released

   » ‎ SecurityFocus Vulnerabilities
  OWASP ZAP 1.4.0 released

  Tags:  owasp  

• March 29, 2012
• 16:56

  OWASP Global AppSec Research (EU) Conference 2012 Call For Papers

   » ‎ Packet Storm Security Misc. Files
  In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.

  Tags:  appsec research owasp athens greece athens-greece security-leaders technology-advancements  

• March 09, 2012
• 9:22

  OWASP India 3 Call For Papers

   » ‎ Packet Storm Security Recent Files
  The OWASP India 3 Call For Papers has been announced. It will take place August 24th through the 25th, 2012 at Hotel Crowne Plaza Today, Gurgaon, New Delhi (NCR), India.

  Tags:  papers call owasp india new-delhi hotel-crowne-plaza delhi-ncr  

• 9:22

  OWASP India 3 Call For Papers

   » ‎ Packet Storm Security Misc. Files
  The OWASP India 3 Call For Papers has been announced. It will take place August 24th through the 25th, 2012 at Hotel Crowne Plaza Today, Gurgaon, New Delhi (NCR), India.

  Tags:  papers call owasp india new-delhi hotel-crowne-plaza delhi-ncr  

• February 18, 2012
• 9:33

  Threat Modeling Cloud Applications

   » ‎ Packet Storm Security Recent Files
  These are the presentation slides from a talk called Threat Modeling Cloud Applications: What You Don't Know Will Hurt You as presented at the OWASP AppSec USA 2011 conference.

  Tags:  modeling threat cloud don usa presentation-slides owasp  

• 9:33

  Threat Modeling Cloud Applications

   » ‎ Packet Storm Security Misc. Files
  These are the presentation slides from a talk called Threat Modeling Cloud Applications: What You Don't Know Will Hurt You as presented at the OWASP AppSec USA 2011 conference.

  Tags:  modeling threat cloud don usa presentation-slides owasp  

• 9:28

  Behavioral Security Modeling

   » ‎ Packet Storm Security Recent Files
  These are the presentation slides from a talk called Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems as presented at the OWASP AppSec USA 2011 conference.

  Tags:  modeling behavioral security usa presentation-slides owasp vulnerabilities  

• 9:28

  Behavioral Security Modeling

   » ‎ Packet Storm Security Misc. Files
  These are the presentation slides from a talk called Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems as presented at the OWASP AppSec USA 2011 conference.

  Tags:  modeling behavioral security usa presentation-slides owasp vulnerabilities  

• 9:03

  Trustwave Global Security Report

   » ‎ Packet Storm Security Recent Files
  These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.

  Tags:  global trustwave security usa owasp security-report global-security  

• 9:03

  Trustwave Global Security Report

   » ‎ Packet Storm Security Misc. Files
  These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.

  Tags:  global trustwave security usa owasp security-report global-security  

• 8:36

  Ghosts Of XSS Past, Present, And Future

   » ‎ Packet Storm Security Recent Files
  These are the slides from the Ghost of XSS Past, Present, and Future presentation given at the OWASP AppSec USA 2011 conference.

  Tags:  xss ghosts future usa owasp slides  

• 8:36

  Ghosts Of XSS Past, Present, And Future

   » ‎ Packet Storm Security Misc. Files
  These are the slides from the Ghost of XSS Past, Present, and Future presentation given at the OWASP AppSec USA 2011 conference.

  Tags:  xss ghosts future usa owasp slides  

• 8:30

  Web Application Security Payloads

   » ‎ Packet Storm Security Recent Files
  These are the slides from the Web Application Security Payloads presentation given at the OWASP AppSec USA 2011 conference.

  Tags:  application web security usa web-application-security owasp slides  

• 8:30

  Web Application Security Payloads

   » ‎ Packet Storm Security Misc. Files
  These are the slides from the Web Application Security Payloads presentation given at the OWASP AppSec USA 2011 conference.

  Tags:  application web security usa web-application-security owasp slides  

• February 13, 2012
• 8:00

  Bugtraq: OWASP AppSec USA 2011 Video & Slides Posted

   » ‎ SecurityFocus Vulnerabilities
  OWASP AppSec USA 2011 Video & Slides Posted

  Tags:  video appsec owasp usa video-slides amp  

• December 31, 2011
• 6:22

  OWASP Mantra Armada 0.81 Beta

   » ‎ Packet Storm Security Recent Files
  OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

  Tags:  web mantra source beta owasp web-application-developers open-source-tools penetration-testers  

• 6:22

  OWASP Mantra Armada 0.81 Beta

   » ‎ Packet Storm Security Tools
  OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

  Tags:  web mantra source beta owasp web-application-developers open-source-tools penetration-testers  

• 6:22

  OWASP Mantra Armada 0.81 Beta

   » ‎ Packet Storm Security Misc. Files
  OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

  Tags:  web mantra source beta owasp web-application-developers open-source-tools penetration-testers  

• December 15, 2011
• 15:52

  ClubHACK Magazine Issue 23

   » ‎ Packet Storm Security Recent Files
  ClubHACK Magazine Issue 23 - Topics covered include GSM, Echo Mirage, OWASP Mobile Security Project, Mobile Warfare, and more.

  Tags:  clubhack magazine issue echo-mirage mobile-warfare owasp  

• 15:52

  ClubHACK Magazine Issue 23

   » ‎ Packet Storm Security Misc. Files
  ClubHACK Magazine Issue 23 - Topics covered include GSM, Echo Mirage, OWASP Mobile Security Project, Mobile Warfare, and more.

  Tags:  clubhack magazine issue echo-mirage mobile-warfare owasp  

• November 21, 2011
• 13:00

  Bugtraq: OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab

   » ‎ SecurityFocus Vulnerabilities
  OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab

  Tags:  portal owasp academy security-challenges bugtraq  

• November 13, 2011
• 11:16

  ClubHACK Magazine Issue 22

   » ‎ Packet Storm Security Recent Files
  ClubHACK Magazine Issue 22 - Topics covered include OWASP Mantra's MoC Crawler, Law relating to Cyberterrorism, Best Practices of Web Application Security, and more.

  Tags:  clubhack magazine issue web-application-security owasp crawler  

• 11:16

  ClubHACK Magazine Issue 22

   » ‎ Packet Storm Security Recent Files
  ClubHACK Magazine Issue 22 - Topics covered include OWASP Mantra's MoC Crawler, Law relating to Cyberterrorism, Best Practices of Web Application Security, and more.

  Tags:  clubhack magazine issue web-application-security owasp crawler  

• 11:16

  ClubHACK Magazine Issue 22

   » ‎ Packet Storm Security Misc. Files
  ClubHACK Magazine Issue 22 - Topics covered include OWASP Mantra's MoC Crawler, Law relating to Cyberterrorism, Best Practices of Web Application Security, and more.

  Tags:  clubhack magazine issue web-application-security owasp crawler  

• 11:16

  ClubHACK Magazine Issue 22

   » ‎ Packet Storm Security Misc. Files
  ClubHACK Magazine Issue 22 - Topics covered include OWASP Mantra's MoC Crawler, Law relating to Cyberterrorism, Best Practices of Web Application Security, and more.

  Tags:  clubhack magazine issue web-application-security owasp crawler  

• October 27, 2011
• 5:11

  OWASP Mantra c0c0n 11 / AppSecLatam 11 0.71 Beta

   » ‎ Packet Storm Security Recent Files
  OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

  Tags:  web mantra source beta owasp web-application-developers open-source-tools penetration-testers  

• 5:11

  OWASP Mantra c0c0n 11 / AppSecLatam 11 0.71 Beta

   » ‎ Packet Storm Security Tools
  OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

  Tags:  web mantra source beta owasp web-application-developers open-source-tools penetration-testers  

• 5:11

  OWASP Mantra c0c0n 11 / AppSecLatam 11 0.71 Beta

   » ‎ Packet Storm Security Misc. Files
  OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

  Tags:  web mantra source beta owasp web-application-developers open-source-tools penetration-testers  

• October 12, 2011
• 19:22

  AppSec 2012 Call For Papers

   » ‎ Packet Storm Security Recent Files
  OWASP is currently soliciting papers for the OWASP AppSec DC 2012 conference that will take place at the Walter E. Washington Convention Center in Washington, DC from April 2nd through the 5th.

  Tags:  appsec call owasp walter-e.-washington washington call-for-papers washington-dc  

• 19:22

  AppSec 2012 Call For Papers

   » ‎ Packet Storm Security Misc. Files
  OWASP is currently soliciting papers for the OWASP AppSec DC 2012 conference that will take place at the Walter E. Washington Convention Center in Washington, DC from April 2nd through the 5th.

  Tags:  appsec call owasp walter-e.-washington washington call-for-papers washington-dc  

• September 08, 2011
• 8:01

  Bugtraq: OWASP AppSec USA 2011 - Two Weeks Away

   » ‎ SecurityFocus Vulnerabilities
  OWASP AppSec USA 2011 - Two Weeks Away

  Tags:  appsec owasp weeks usa  

• July 25, 2011
• 12:01

  Bugtraq: OWASP AppSec USA 2011 Pre-conference Challenge #3 - July

   » ‎ SecurityFocus Vulnerabilities
  OWASP AppSec USA 2011 Pre-conference Challenge #3 - July

  Tags:  appsec pre-conference owasp usa conference-challenge challenge-3  

• June 20, 2011
• 10:46

  Zed Attack Proxy – ZAProxy v1.3.0 Released – Integrated Penetration Testing Tool

   » ‎ Darknet
  It’s been a while since the last time we wrote about the OWASP ZAP – Zed Attack Proxy for Web Application Penetration Testing, back in October 2010. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  testing penetration proxy read zed-attack owasp testing-tool darknet hacking Tools  

• March 18, 2011
• 8:01

  Bugtraq: OWASP AppSec USA 2011 Call for Papers

   » ‎ SecurityFocus Vulnerabilities
  OWASP AppSec USA 2011 Call for Papers

  Tags:  owasp call-for-papers  

• February 22, 2011
• 15:08

  OWASP AppSec USA 2011 Announcement

   » ‎ Packet Storm Security Recent Files
  OWASP AppSec USA 2011 has been announced. The Call For Trainers is now open and the Call For Papers opens March 15, 2011. This event will be held from September 20th through the 21st, 2011 in Minneapolis, Minnesota.

  Tags:  appsec call owasp minneapolis usa minnesota minneapolis-minnesota call-for-papers  

• 15:08

  OWASP AppSec USA 2011 Announcement

   » ‎ Packet Storm Security Misc. Files
  OWASP AppSec USA 2011 has been announced. The Call For Trainers is now open and the Call For Papers opens March 15, 2011. This event will be held from September 20th through the 21st, 2011 in Minneapolis, Minnesota.

  Tags:  appsec call owasp minneapolis usa minnesota minneapolis-minnesota call-for-papers  

• October 05, 2010
• 9:01

  Bugtraq: OWASP ZAP

   » ‎ SecurityFocus Vulnerabilities
  OWASP ZAP

  Tags:  bugtraq zap owasp  

• August 02, 2010
• 9:01

  Bugtraq: 2nd. OWASP Ibero-American Web-Applications Security conference (IBWAS?10) - Call for Training

   » ‎ SecurityFocus Vulnerabilities
  2nd. OWASP Ibero-American Web-Applications Security conference (IBWAS?10) - Call for Training

  Tags:  american owasp security american-web security-conference web-applications