The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like.

If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on).

This is a place for us to start seriously talking about vendors. Who's great, who's not, what's it cost, how does it relate to their competitors and would we buy it? A place to talk about snakeoil, and brilliant products alike. Marketing fluff is forbidden.

Bug reports, feature enhancements or other complaints with the site, with us or just tell us what a miserable existance you have. No death threats or poetry please. Just kidding, no poetry please.

Ever wanted to work as a "chief hacker" "security evangelist"? This is a place to post jobs or ask for work. Over time as I hear about job offers, we can consolidate them into this board.

Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike...

How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them.

Breaking things on the go...iPhones, Androids, PalmOS, WinMo, etc...

How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack.

How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things?

Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc....

Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails.

Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback.

This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it?

Ways to improve page rank, or deceptively get more users to your websites or away from your competition. Where you can discuss SEO (search engine optimization) issues as it relates to computer security.

Ways to stop spam, detect robotic activity, and actually harm the spam trade, as well as how it works, how to circumvent filters, etc.

For 802.11 and bluetooth security people alike. Latest trends, attack surface issues, and prevention. How wireless security is becoming the new vector to hacking corporate websites and applications.

Q and A for any cross site scripting information. Feel free to ask away.

Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r!

Think it would be cool to build a sandbox around all that malicious code so we don't have to worry about it anymore? Or are you the guy who's going to break the sandbox just to show its flaws? Either way, this is the spot to talk about it.

For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL!