Security audit on Jboss/Tomcat

Posted on 2013-01-30
Last Modified: 2013-02-08

I am using Jboss and Tomcat as Java web application servers on 100s of RHEL 5 based LINUX machines. I am looking for a tool which could run a security audit and produce a report of security loop holes in my application setup or application code.

Can anyone please suggest one?
Question by: ashuji

Accepted Solution

sr1xxon earned 500 total points
ID: 38834483
nessus - for system and application level security.

for application code, perhaps something like acunetix (which is not inexpensive), or possibly something like trustwave code review

Author Comment

ID: 38835222

Nessus is not free but a licensed tool and it is a complete server vulnerability testing tool. While I am looking for a free tool only for testing vulnerability of Jboss and Tomcat.

Any other suggestions?

Expert Comment

ID: 38841360
> While I am looking for a free tool only for testing vulnerability of Jboss and Tomcat.
are you asking just about known vulnerabilities?
hope you're aware that there can't be a list of "known vulnerabilities" for your own code

please describe if you want
  - periodically check for known network and server vulnerabilities
  - web application vulnerability checks (WASS)
  - source code analysis (SCA)

Author Comment

ID: 38843238

I am looking for a tool which could check my Jboss 5 setup for vulnerabilities/security loop holes etc. Not for source code. It should be a one-time check, not periodic.

Expert Comment

ID: 38843596
can you please explain what you mean by "security loop holes", I'm not used to that term, unfortunately ...

Author Comment

ID: 38850865
To simplify the requirement, I am looking for a tool which could scan my Jboss setup and tell me areas that need attention in terms of tightening security.

Expert Comment

ID: 38852375
do you really mean just jboss, or do you mean the applications run with jboss?

sorry for stupid questions, but I get the impression that you want something else than written ...

Author Comment

ID: 38854207
Actually for the JBoss and Tomcat setup, not the application code.

Question has a verified solution.