Dissecting Java Server Faces for Penetration Testing
OWASP has been used widely as the de facto standard of penetration testing
of web applications and frameworks with its Top 10 attack vectors. However,
the penetration testing methodology should not be constrained to this standard
and must cover the advanced set of attack vectors that should be tested to
validate the strength of web frameworks.
This paper is divided into two parts. In the first part, we discuss the internals of JSF, a Java-based web application framework, and its inherent security model. In the second part, we discuss the security weaknesses and applied security features in JSF. In addition, we also raise a flag on the security issues present in JSF in order to conduct effective penetration testing.
Download PDF: http://www.secniche.org
2 Comments
Great post, wonderful content and well written. Thanks for sharing info, will bookmark and grab RSS feed.
Thanks