Re: Sample JAVA application

[Jean-Jacques Halans <halans () gmail com>]

Following articles may be of interest to you:

Java Security Guidelines: Developing and Using Java More Securely 
http://www.securingjava.com/chapter-seven/chapter-seven-1.html

JSP Security for Limiting Access to Application-Internal URLs
http://www.developer.com/java/article.php/883381

JSP Security
http://www.onjava.com/pub/a/onjava/2001/06/27/java_security.html

Hope it helps (although they may be outdated).
Regards
Jean-Jacques Halans

On Fri, 22 Oct 2004 11:38:22 +0200, Chris Vanden Berghe
<chris () vandenberghe org> wrote:
> Hi all,
>
> I'm working on practical security of Web Applications and Web Services,
> especially on applications written in Java.
>
> You find a lot of information about the typical WA vulnerabilities (SQL
> inj, XSS, session handling errors, ...).  Information that is more
> difficult to find is on which vulnerabilities are more likely in
> applications written in certain programming languages (or developed
> using a particular framework, concepts or tools).
>
> For my work it would be interesting to have an idea about which
> vulnerabilities are often encountered in WA or WS written in Java (using
> JSP, Servlets and EJB's).
>
> Is there anybody on this list who has seen some results of penetration
> tests or audits of Java WA/WS?  What are the most common vulnerabilities
> discovered?
>
> Kind regards and thank you in advance,
> Chris.


-- 

Halans Jean-Jacques

================================
> New Zealand Journal : http://nz.halans.be
> Honeymoon Australia : http://oz.halans.be
================================