What is The Web Security Mailing List?

The Web Security Mailing List is an open information forum for discussing topics relevant to web security. Topics include, but are not limited to, industry news and technical discussions surrounding web applications, proxies, honeypots, new attack types, methodologies, application firewalls, discoveries, experiences, web servers, application servers, database security, tools, solutions, and others.



The Web Security Mailing List is maintained by the Web Application Security Consortium (WASC)

http://www.webappsec.org



How do I unsubscribe?

There are two ways to unsubscribe.



#1

Email websecurity-unsubscribe@lists.webappsec.org, you should receive a reply indicating that you'd like to unsubscribe. Simply reply to the unsubscribe email request and you will be removed. Be sure to check your spam folder as the unsubscribe request may be triggered by your spam software.



#2

At the bottom of this page you'll see a textbox and 'Unsubscribe of edit options' button. Put your email in this textbox and click it. On the next page at the very bottom you'll see 'Unsubscribe' with a button called 'Unsubscribe', click it. By clicking on the Unsubscribe button, a confirmation message will be emailed to you. This message will have a link that you should click on to complete the removal process (you can also confirm by email; see the instructions in the confirmation message).



I don't know my password, how do I get it?

At the bottom of this page you'll see a textbox and 'Unsubscribe of edit options' button. Put your email in this textbox and click it. On the next page at the very bottom you'll see 'Password reminder' with a button called 'Remind'. Click 'Remind' to have your password emailed to you.



When was The Web Security Mailing List created?

April, 2005



What is appropriate content?

As a general rule, ask your questions concisely and politely. Post should be respectful, contain no foul language or personal derogatory remarks. When voicing disagreement or dislike for something, again be polite and respectful.



Post Guidelines:

* The mailing list discussion is meant to be informative and collaborative.

* All postings must be in English.

* Post should be text based (no html)

* Questions and conversation surrounding relevant to the above topics.

* Posts announcing "new" and/or updated commercial products may be approved provided they are relevant to the list, restricted to one paragraph in length, contain factual information, and free of marketing hype. Open source product announcements carry the same requirements, but may be a full page in length.



What is inappropriate content?

* Rants, flames, ethics or morality discussion, and general inflammatory conduct.

* Non web security related posts

* Topics of an illegal or disreputable nature

* HTML posts

* Product advertisements

* "How to hack into..." questions

* Unresolved security issues within an actual website.

* Vulnerability advisories in products, applications, or websites. These disclosures should be directed toward Bugtraq, Full-Disclosure, VulnWatch, Secunia, or the website owners.



Is the list moderated?

Yes.



Who is the moderator(s)?

The list moderator(s) are responsible for applying the charter fairly and equally to all received posts. As such the moderators maintain full discretion over deciding what is appropriate content for the list. Please communicate with Robert Auger regarding any complains or disputes for resolution.



* Robert Auger (Moderator)



Do you verify the information on list?

No, information within list posts are not verified. The Web Security Mailing List moderation process is used to apply the charter and keep the list discussion on topic. The moderators or WASC does not verify, endorse, validate, or recommend any solutions, patches, tools, products, information, solutions, vulnerabilities, or exploits posted by third parties to the list. While moderators make every effort to remove malware from list traffic, WASC or the moderators cannot be held responsible or liable for any damage caused by a post.



Where are the list archives? To see the collection of prior postings to the list, visit the websecurity Archives.