Re: Security Assessment on J2EE Environments

• "Jeff Williams @ Aspect" <jeff.williams@aspectsecurity.com> wrote:
  >
  > You might start with the information in the OWASP
  

Yes, we are using the OWASP document too.

>
> Also, it sounds like you are focusing on an external

We are doing a mix between an external penetration test and doing a security code review. Formally speaking we are seeing the code and showing the insecurities within.
(The code is really big!)

> There's nothing magical about J2EE security. Most

Yes, I think there is not something magical "per se" but if the development team is good and knows where to put all the screws, the final product has better security quality than any normal enterprise product.

Thank You All
Iggeres

>
> --Jeff
>
> Jeff Williams
> Aspect Security, Inc.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek