Penetration Testing mailing list archives
Re: Tools to perform auto sec testing on Java Applications
From: Serg B <sergeslists () gmail com>
Date: Fri, 27 Mar 2009 13:27:55 +1100
Hi

Regarding the application server... Same as any other server.

Local Java client is a bit different though, look into: StackTrace from Adaptj (http://www.adaptj.com/main/stacktrace). Not cheap but it will allow you to hook into a running Java process and interrogate it using BeanShell. Invoke methods, reassign variable values, etc.

There is also a way of doing it on the cheap through either DLL injection or Java's Attach API but I haven't tried it yet.

And finally oldies like Wireshark and maybe Cain & Abel...

Hope it helps a bit.

Serg

On Fri, Mar 27, 2009 at 1:03 PM, Amardeep Singh <Amardeep_Singh () symantec com> wrote:
Hi Serg,

This is a client server based application with both of them in JAVA. It has IBM HTTP webserver and apache as application server.

Amardeep Singh

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Serg B
Sent: Wednesday, March 25, 2009 10:03 AM
To: tas0584 () googlemail com
Cc: pen-test
Subject: Re: Tools to perform auto sec testing on Java Applications

Hi Amardeep

Are you testing (a) a web based application written in Java; or (b) a client-server type application with a local client written in Java?

Serg

2009/3/24 τ∂υƒιφ * <tas0584 () gmail com>:

Hey, following guide is comprehensive,
http://www.owasp.org/index.php/Category:OWASP_Java_Project

--
Taufiq
http://www.niiconsulting.com/products/iso_toolkit.html

2009/3/23 Amardeep Singh <Amardeep_Singh () symantec com>:

Hi everyone,

Can anybody suggest some good tools to perform sec testing for Java applications? It's a client server based application, with apache server in picture as an application server.

Thanks
Amardeep

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------
Current thread:
- Tools to perform auto sec testing on Java Applications Amardeep Singh (Mar 23)
- Re: Tools to perform auto sec testing on Java Applications τ∂υƒιφ * (Mar 24)
- Re: Tools to perform auto sec testing on Java Applications Serg B (Mar 26)
- Message not available
- Re: Tools to perform auto sec testing on Java Applications Serg B (Mar 30)
- Re: Tools to perform auto sec testing on Java Applications Serg B (Mar 26)
- Re: Tools to perform auto sec testing on Java Applications τ∂υƒιφ * (Mar 24)
- Message not available
- Re: Tools to perform auto sec testing on Java Applications SD List (Mar 24)