[Owasp-italy] JBoss Security

Luca Carettoni luca.carettoni at ikkisoft.com
Tue Jan 24 07:27:19 UTC 2012


Greetings,
in an effort to liven up this mailing list, I'm forwarding you a
presentation that I recently gave at a couple of OWASP meetings.

https://www.owasp.org/index.php/File:OWASP3011_Luca.pdf

As you can read in the abstract, it covers the most common JBoss
misconfigurations in a fair amount of detail. In addition, there are
some technical details that may interest any pentesters.

"Being a widely deployed enterprise application server, JBoss has always
been a juicy target for attackers. Security vulnerabilities and
misconfigurations in critical components, such as the infamous
JMX-console, can be exploited in order to execute arbitrary code and
harm the confidentiality, integrity and availability of the entire
system. Our quick journey through JBoss insecurity will start from the
analysis of a critical authentication bypass flaw to the recent JBoss
worm which affected numerous installations worldwide. This presentation
will also cover practical aspects on how to detect misconfigurations and
secure your application server"
 
Until next time,
Luca

-- 
Luca Carettoni <luca.carettoni at ikkisoft.com>


