• Status: Solved
  • Priority: Medium
  • Security: Public

Security audit on Jboss/Tomcat

Hi

I am using JBoss and Tomcat as Java web application servers on 100s of RHEL 5 based Linux machines.  I am looking for a tool which could run a security audit and produce a report of security loop holes in my application setup or application code.

Can anyone please suggest one?
Asked:
ashuji
1 Solution
 
sr1xxon Commented:
Nessus - for system and application level security.

for application code, perhaps something like Acunetix (which is not inexpensive), or possibly something like Trustwave code review https://www.trustwave.com/code-review.php
 
ashuji (Author) Commented:
Hi

Nessus is not free but a licensed tool, and it is a complete server vulnerability testing tool.  While I am looking for a free tool only for testing vulnerability of JBoss and Tomcat.

Any other suggestions?
 
ahoffmann Commented:
>  While I am looking for a free tool only for testing vulnerability of JBoss and Tomcat.
are you asking just about known vulnerabilities?
hope you're aware that there can't be a list of "known vulnerabilities" for your own code

please describe if you want
  - periodically check for known network and server vulnerabilities
  - web application vulnerability checks (WASS)
  - source code analysis (SCA)
 
ashuji (Author) Commented:
Hi

I am looking for a tool which could check my JBoss 5 setup for vulnerabilities/security loop holes etc.  Not for source code.  It should be a one-time check, not periodic.
 
ahoffmann Commented:
can you please explain what you mean by "security loop holes", I'm not used to that term, unfortunately ...
 
ashuji (Author) Commented:
To simplify the requirement, I am looking for a tool which could scan my JBoss setup and tell me areas that need attention in terms of tightening security.
 
ahoffmann Commented:
do you really mean just jboss, or do you mean the applications run with jboss?

sorry for stupid questions, but I get the impression that you want something else than written ...
 
ashuji (Author) Commented:
Actually for the JBoss and Tomcat setup, not the application code.