Solved

Security audit on Jboss/Tomcat

Posted on 2013-01-30
9
790 Views
Last Modified: 2013-02-08
HI

I am using Jboss and Tomcat as Java web application server on 100s of RHEL 5 basesd LINUX machines.  I am looking for a tool which could run security audit and produce report of security loop holes in my application setup or applicaiton code.

Can anyone please suggest one ?
0
Comment
Question by:ashuji
  • 4
  • 3
9 Comments
 
LVL 6

Accepted Solution

by:
sr1xxon earned 500 total points
ID: 38834483
nessus - for system and application level security.

for application code, perhaps something like acunetix (which is not inexpensive), or possibly something like trustwave code review https://www.trustwave.com/code-review.php
0
 

Author Comment

by:ashuji
ID: 38835222
Hi

Nessus is not free but licensed tool and it is a complete server vulnarability testing tool.  While I am looking for a free tool only for testing vulnarability of Jboss and Tomcat.

Any other suggestions ?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38841360
>  While I am looking for a free tool only for testing vulnarability of Jboss and Tomcat.
are you asking just about known vulnerabilities?
hope you're aware that there can't be a list of "known vulnerabilities" for your own code

please describe if you want
  - periodically check for know network and server vulnerabilities
  - web application vulnerability checks (WASS)
  - sorce code analysis (SCA)
0
 

Author Comment

by:ashuji
ID: 38843238
HI

I am looking for a tool which could check my Jboss 5 setup for vulnarabilities/security loop holes etc.  Not for source code.  It should be one time check not periodically.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 51

Expert Comment

by:ahoffmann
ID: 38843596
can you please explain what you mean by "secruity loop holes", I'm not used to that term, unfortunately ...
0
 

Author Comment

by:ashuji
ID: 38850865
TO simplify the requirement, I am looking for a tool which could scan my Jboss setup and tell me areas that need attention in terms of tightening security.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 38852375
do you really mean just jboss, or do you mean the applications run with jboss?

sorry for stupid questions, but I get the impression that you want something else than written ...
0
 

Author Comment

by:ashuji
ID: 38854207
ACtually for JBoss and Tomcat setup not the Application Code.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Convert websphere application server default chained Certificates from 1024 to 2048 keysize or higher size and also you can change signatureAlgorithm . Please make sure Websphere Application Server fixpack 7.0.0.23 or Above. The following steps a…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now