[Owasp-greece] JNLP Application Security Assessment

Zacharias zqyves.spamtrap at gmail.com
Sun Sep 25 06:32:59 EDT 2011


Hello all,

I was asked to assess a jnlp application a while back. Searching the
web provided little to no information as to how one should – at least
start – such an engagement, so - while I was at it - I set off to create one
myself.

As a "you've been warned" sign, it is neither groundbreaking research
nor rocket science; and was not meant as such. I gathered some
available information as to the exact nature and semantics of jnlp
applications, documented the process and tools I used and provided a
few attack scenarios in a sample application developed for this intent
in a few blog posts that may serve as a starting point to someone at a
similar point in the future.

The starting post is at
http://zqyves.wordpress.com/2011/09/24/jnlp-application-security-assessment-setting-the-scene/

The rough structure of the posts is the following:
• JNLP Application Security Assessment – Part 1 : Analysis of a typical JNLP file
• JNLP Application Security Assessment – Part 2 : Runtime Mapping of a JNLP Application
• JNLP Application Security Assessment – Part 3 : Application decomposition / Static analysis
• JNLP Application Security Assessment – Part 4 : Dynamic analysis

Best regards,
./Zacharias

