Solved

Security audit on Jboss/Tomcat

Posted on 2013-01-30
9
814 Views
Last Modified: 2013-02-08
HI

I am using Jboss and Tomcat as Java web application server on 100s of RHEL 5 basesd LINUX machines.  I am looking for a tool which could run security audit and produce report of security loop holes in my application setup or applicaiton code.

Can anyone please suggest one ?
0
Comment
Question by:ashuji
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 6

Accepted Solution

by:
sr1xxon earned 500 total points
ID: 38834483
nessus - for system and application level security.

for application code, perhaps something like acunetix (which is not inexpensive), or possibly something like trustwave code review https://www.trustwave.com/code-review.php
0
 

Author Comment

by:ashuji
ID: 38835222
Hi

Nessus is not free but licensed tool and it is a complete server vulnarability testing tool.  While I am looking for a free tool only for testing vulnarability of Jboss and Tomcat.

Any other suggestions ?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38841360
>  While I am looking for a free tool only for testing vulnarability of Jboss and Tomcat.
are you asking just about known vulnerabilities?
hope you're aware that there can't be a list of "known vulnerabilities" for your own code

please describe if you want
  - periodically check for know network and server vulnerabilities
  - web application vulnerability checks (WASS)
  - sorce code analysis (SCA)
0
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

 

Author Comment

by:ashuji
ID: 38843238
HI

I am looking for a tool which could check my Jboss 5 setup for vulnarabilities/security loop holes etc.  Not for source code.  It should be one time check not periodically.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38843596
can you please explain what you mean by "secruity loop holes", I'm not used to that term, unfortunately ...
0
 

Author Comment

by:ashuji
ID: 38850865
TO simplify the requirement, I am looking for a tool which could scan my Jboss setup and tell me areas that need attention in terms of tightening security.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38852375
do you really mean just jboss, or do you mean the applications run with jboss?

sorry for stupid questions, but I get the impression that you want something else than written ...
0
 

Author Comment

by:ashuji
ID: 38854207
ACtually for JBoss and Tomcat setup not the Application Code.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three thingsā€¦
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question