WebApp Sec mailing list archives
Re: Innocent Code Prize for Best Post on WebAppSec
From: "Sverre H. Huseby" <shh () thathost com>
Date: Mon, 1 Mar 2004 15:46:07 +0100
This is a reply to Mark Curphey's post [1] on 2004-02-16.

In case you didn't see it: For a few weeks I give a copy of my book [2] to authors of webappsec-posts I like (not that I think they need it, but anyway... :) ).

I happened to like Rogan Dawes' short and easy-to-understand overview of how SSL traffic may be intercepted [3], posted on 2004-02-26. Even though e.g. SSL-enabled load balancers (server-side interception), "cracking proxies" (client-side) and dsniff.webmitm (in the middle) have been available for years, it seems like SSL/TLS still works like black magic to many. I guess Rogan's post may clear things up for some.

Rogan should know what he's talking about, as he's the author of the Exodus proxy [4], and a major contributor to OWASP's own WebScarab [5].

A book is in the (snail)mail.

Sverre.

[1] <200402161618.LAA20125 () arkroyal cnchost com>
    http://www.securityfocus.com/archive/107/353996/2004-02-12/2004-02-18/0
[2] http://innocentcode.thathost.com/
[3] <403DD8B2.1A76E.1F9 () z-iris2 zipa com>
    http://www.securityfocus.com/archive/107/355415/2004-02-20/2004-02-26/0
[4] http://dawes.za.net/rogan/exodus.html
[5] http://www.owasp.org/development/webscarab

--
shh () thathost com
My web security book: Innocent Code
http://shh.thathost.com/
http://innocentcode.thathost.com/