Security audit on JBoss/Tomcat

Hi

I am using JBoss and Tomcat as Java web application servers on 100s of RHEL 5 based Linux machines. I am looking for a tool which could run a security audit and produce a report of security loopholes in my application setup or application code.

Can anyone please suggest one?
ashuji Asked:
 
sr1xxon Commented:
Nessus - for system and application level security.

for application code, perhaps something like Acunetix (which is not inexpensive), or possibly something like Trustwave code review https://www.trustwave.com/code-review.php
 
ashuji (Author) Commented:
Hi

Nessus is not free but a licensed tool, and it is a complete server vulnerability testing tool, while I am looking for a free tool only for testing vulnerability of JBoss and Tomcat.

Any other suggestions?
 
ahoffmann Commented:
> While I am looking for a free tool only for testing vulnerability of JBoss and Tomcat.
are you asking just about known vulnerabilities?
hope you're aware that there can't be a list of "known vulnerabilities" for your own code

please describe if you want
  - periodically check for known network and server vulnerabilities
  - web application vulnerability checks (WASS)
  - source code analysis (SCA)
 
ashuji (Author) Commented:
Hi

I am looking for a tool which could check my JBoss 5 setup for vulnerabilities/security loopholes etc. Not for source code. It should be a one-time check, not periodic.
 
ahoffmann Commented:
can you please explain what you mean by "security loopholes", I'm not used to that term, unfortunately ...
 
ashuji (Author) Commented:
To simplify the requirement, I am looking for a tool which could scan my JBoss setup and tell me areas that need attention in terms of tightening security.
 
ahoffmann Commented:
do you really mean just JBoss, or do you mean the applications run with JBoss?

sorry for stupid questions, but I get the impression that you want something else than written ...
 
ashuji (Author) Commented:
Actually for the JBoss and Tomcat setup, not the application code.
Question has a verified solution.
