SSN Project Proposal: (In)security of Java within middleware
Yonne de Bruijn, Xander Lammertink, Diana Rusu
University of Amsterdam, Master: System and Network Engineering

Introduction

JBoss and Tomcat [1][2] are both frameworks widely used and deployed by organizations to host applications. These frameworks are used to serve up Java Server Pages (JSP) [4]. These pages are used to create dynamic web content and, because they are Java-based, are cross-platform compatible. In previous years these applications have been hardened and secured, but has every aspect been considered? Is the use of Java secure within these kinds of applications?

Contents

1 Research
2 Research Question
3 Approach
4 Planning
5 Implications
6 Ethics
7 End Product

1 Research

The focus of this research will be on the two previously mentioned Java EE server applications:

- JBoss
- Tomcat

Previous work has been performed on these systems, and it has shown that their security is lacking in multiple parts of the software. For example, in 2010, a full lecture was held at Defcon on how to compromise a JBoss install [5]. One of the main methods of compromising a server running JBoss was implementing a shell which directly executes commands on the server running JBoss [6]. Use of this method would result in full control over the server. The vulnerabilities exposed can be found in JBoss versions 4 and 5. Versions 6 and 7 have removed and patched features crucial to this attack [7], but this does not mean that these versions are automatically secure.

The previously described attack is based on RMI. RMI is used for communication between two Java Virtual Machines (JVM). Within JBoss and Tomcat, for example, it can be used to connect to the JMX. The JMX in turn can be used to integrate modules, containers and plug-ins [8][9]. This provides an interesting access point to investigate further, as RMI has been implemented in most (if not all) of the Java EE server applications. This is one of the known ways to compromise, for example, a JBoss install. This research will try to determine other methods.

2 Research Question

How (in)secure is the usage of Java within Java EE middleware applications?

This research topic can be split up into several sub-questions, which will be further investigated during the security audit of the aforementioned applications:

- Can RMI be used to compromise Java EE server applications?
- What are the known attacks on Java, and can these be used to exploit JBoss and Tomcat?
- Are any security measures implemented to prevent attacks on the Java base of these applications?

3 Approach

- Get familiar with old vulnerabilities by examining OWASP [10]
- Prepare (virtual) servers to test vulnerabilities on Tomcat and JBoss
- If possible, create a script to generalize found exploits to be used on other Java EE middleware applications.

4 Planning

Week 1

- Set up server with Tomcat and JBoss
- Read vulnerabilities and test them
- Make script for testing them
- Install older version so test script is tested
- Install latest version and define new exploits
- Possible exploits
- Expand script with new tests

5 Implications

If flaws within the security of Java are exposed, this could have some heavy implications. Many applications in daily use rely heavily on Java or have an entire Java base. When security issues are found, these applications are at risk of being compromised.

6 Ethics

There will be no personal data involved throughout this research. Tests will be performed on a specifically set up system (not exposed to the public internet). When issues are found, they will be disclosed in a responsible way. Manufacturers will be contacted by the UvA so they can act on the matters before the research is published.

7 End Product

If this research shows that weaknesses are found in these Java applications, advice will be formed to try to prevent this. This could imply a change to the default configuration, the installation instructions or even the core of the applications themselves.

References

[1] Overview, R. and Software, U. (2014). JBoss Technology. [online] JBoss Developer. Available at: [Accessed 18 Nov. 2014].
[2] Project, A. (2014). Apache Tomcat - Welcome!. [online] Tomcat.apache.org. Available at: [Accessed 18 Nov. 2014].
[3] Oracle.com, (2014). Java Platform, Enterprise Edition (Java EE) Oracle Technology Network Oracle. [online] Available at:
[4] Oracle.com, (2014). JavaServer Pages Technology. [online] Available at:
[5] Anon, (2014). [online] Available at: presentations/krpata/defcon-18-krpata-attacking-jboss.pdf
[6] Dark Reading, (2014). Who's The Boss Over Your JBoss Servers?. [online] Available at:
[7] Hsc.fr, (2014). HSC - Presentations - Hacking and securing JBoss AS. [online] Available at: [Accessed 18 Nov. 2014].
[8] Docs.jboss.org, (2014). Chapter 2. The JBoss JMX Microkernel. [online] Available at:
[9] Tomcat.apache.org, (2014). Apache Tomcat 7 (7.0.57) - Monitoring and Managing Tomcat. [online] Available at: [Accessed 19 Nov. 2014].
[10] Owasp.org, (2013). OWASP Top PDF. [online] Available at: % pdf [Accessed 19 Nov. 2014].