Abstract

Hacking J2EE application servers will discuss the different possibilities that exist to hack a J2EE application server like WebSphere, WebLogic, SAP Enterprise Portal, ....
Because those servers run our important J2EE applications, they will increasingly be the target of hackers. Hackers will try to compromise those machines by abusing misconfigurations, standard configurations or the running J2EE applications. This talk will focus on the risk that is introduced by running J2EE servers in a business environment and how to protect them.

This talk is based on experience gathered during penetration tests and security audits of various infrastructures.

Date and Time

Wednesday, December 15th 2004 - 12:15-13:15

Audience

Novice, Expert

Speaker

Erwin Geirnaert

Interesting Links

• JavaPolis 2004 talk

• http://www.secure-application-development.org
• http://www.blackhat.com
• http://www.cgisecurity.com
• http://www.loqutus.be
• http://www.blackhat.com
• http://www.owasp.org
• http://www.nextgenss.com
• http://www.securityfocus.com
• http://www.appsecinc.com/
• http://endo.webappsecurity.com
• http://www.metasploit.org/