Dissecting Java Server Faces for Penetration Testing

Software security has become an indispensable part of the software development life cycle. The penetration testing approach varies with the web development framework and platform under test. With the advent of more advanced attacks, it has become crucial to raise the standard of penetration testing. An aggressive security testing approach is required to detect inherent vulnerabilities and to develop robust security solutions that thwart sophisticated attacks. Owing to the relentless pace of security research, a plethora of vulnerabilities is being unearthed in web frameworks and software. Thus, for effective penetration testing, the security model and the web framework architecture should be dissected appropriately.

OWASP has been used widely as the de facto standard for penetration testing of web applications and frameworks with its Top 10 attack vectors. However, the penetration testing methodology should not be constrained to this standard and must cover the more advanced set of attack vectors that should be tested to validate the strength of web frameworks.

This paper is divided into two parts. In the first part, we discuss the internals of JSF, a Java-based web application framework, and its inherent security model. In the second part, we discuss the security weaknesses and the applied security features in JSF. In addition, we raise a flag on the security issues present in JSF in order to support effective penetration testing.

Download PDF: http://www.secniche.org

INSECT Pro v.2.6.1 – Ultimate

INSECT Pro is a new free tool for penetration testing and a resource for demonstrating the security, or the vulnerability, of your network.

INSECT Pro goes beyond simply detecting vulnerabilities to safely exploiting them. Described as the first free integrated vulnerability and penetration testing tool, INSECT is part of the complete solution Insecurity Research offers to evaluate the vulnerabilities on your network.

The product's user-friendly interface offers, among other options, the choice between an offensive and an inoffensive attack mode, which lets the user run different kinds of attacks without the possibility of damage, and includes functions for generating complete and comprehensive reports from the gathered information.

Supported Platforms and Installations
– Windows XP, 2003, Vista, 2008 Server, and Windows 7 (requires Python and .NET)
– Automatic regular weekly updates
– Contains the latest exploits in the wild

Download: http://www.insecurityresearch.com

Video Demo: http://www.youtube.com