ashuji

asked on

Security audit on JBoss/Tomcat

Hi

I am using JBoss and Tomcat as Java web application servers on 100s of RHEL 5 based Linux machines. I am looking for a tool which could run a security audit and produce a report of security loop holes in my application setup or application code.

Can anyone please suggest one?
ASKER CERTIFIED SOLUTION
sr1xxon

ashuji

ASKER

Hi

Nessus is not a free but a licensed tool, and it is a complete server vulnerability testing tool. While I am looking for a free tool only for testing vulnerability of JBoss and Tomcat.

Any other suggestions?
> While I am looking for a free tool only for testing vulnerability of JBoss and Tomcat.

are you asking just about known vulnerabilities?
hope you're aware that there can't be a list of "known vulnerabilities" for your own code

please describe if you want
  - periodically check for known network and server vulnerabilities
  - web application vulnerability checks (WASS)
  - source code analysis (SCA)
ashuji

ASKER

Hi

I am looking for a tool which could check my JBoss 5 setup for vulnerabilities/security loop holes etc. Not for source code. It should be a one-time check, not periodically.
can you please explain what you mean by "security loop holes", I'm not used to that term, unfortunately ...
ashuji

ASKER

To simplify the requirement, I am looking for a tool which could scan my JBoss setup and tell me areas that need attention in terms of tightening security.
do you really mean just jboss, or do you mean the applications run with jboss?

sorry for stupid questions, but I get the impression that you want something else than written ...
ashuji

ASKER

Actually for JBoss and Tomcat setup, not the application code.