Hosting Provided By

Security Assessment on J2EE Environments

From: Gary Gwin <websec(at)cafesoft.com>
Date: Wed Mar 19 2003 - 15:47:26 EST

Iggeres,

Have you checked out the Top 10 Vulnerabilities document at www.owasp.org? It has very good information on SQL command injection and parameter validation.

We have a white paper on our site that discusses authentication and access control issues with respect to Tomcat:

http://www.cafesoft.com/products/cams/tomcat-security.html

You might also find a presentation we did at JavaOne to be helpful, it discusses scope issues with respect to J2EE security from an enterprise perspective. A link for this and a number of other useful J2EE security articles is found on our site at:

http://www.cafesoft.com/support/security/links.html

I'd be very interested in working with the community to further develop information on security in J2EE environments.

Gary

Do you need help?

Iggeres Bet wrote:

> Dear List,

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************

Received on Thu Mar 20 13:06:27 2003

This message: [ Message body ]
Next message: Jeff Williams (at) Aspect: "Re: Security Assessment on J2EE Environments"
In reply to McLean, Michael R: "RE: Security Assessment on J2EE Environments"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT