WebApp Sec mailing list archives
Re: [WEB SECURITY] SSL does not = a secure website
From: "Ryan Barnett" <rcbarnett () gmail com>
Date: Wed, 29 Mar 2006 08:51:11 -0500
While these tangents are interesting, my original question is still unanswered. Does anyone have any references to news stories, etc... about attackers sniffing user's web data and then using it? This is not a questions of whether sniffing is a real threat, it is. This is a question of having verifiable proof that this is happening in order to "convert" the unbelievers. We have verifiable proof that credit card data is being pilfered in other ways (keyloggers, access to DB, etc...). Check out the WASC Web Hacking Incident Database for news stories - http://www.webappsec.org/projects/whid/list_class_sql_injection.shtml -- Ryan C. Barnett Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor: Securing Apache GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- RE: [WEB SECURITY] SSL does not = a secure website Sebastien Deleersnyder (Mar 28)
- <Possible follow-ups>
- Re: [WEB SECURITY] SSL does not = a secure website Richard St John (Mar 28)
- Re: [WEB SECURITY] SSL does not = a secure website Nick Owen (Mar 28)
- RE: [WEB SECURITY] SSL does not = a secure website Mark Mcdonald (Mar 28)
- Re: [WEB SECURITY] SSL does not = a secure website michaelslists (Mar 28)
- Re: [WEB SECURITY] SSL does not = a secure website Andrew van der Stock (Mar 28)
- RE: [WEB SECURITY] SSL does not = a secure website Lyal Collins (Mar 29)
- Re: [WEB SECURITY] SSL does not = a secure website Ryan Barnett (Mar 29)
- Re: [WEB SECURITY] SSL does not = a secure website Brian Eaton (Mar 29)
- Re: [WEB SECURITY] SSL does not = a secure website michaelslists (Mar 28)
- Re: [WEB SECURITY] SSL does not = a secure website Bill Pennington (Mar 28)
- Re: [WEB SECURITY] SSL does not = a secure website Gervase Markham (Mar 29)
- Re: [WEB SECURITY] SSL does not = a secure website Evert Collab (Mar 29)
- Re: [WEB SECURITY] SSL does not = a secure website michaelslists (Mar 28)