Tác giả Chủ đề: [Research] JavaSnoop: How to hack anything in Java  (Đọc 1385 lần)

Offline ddnbgroup

  • Trung úy
  • ***
  • Điểm yêu thích +5/-0
  • Diễn đàn Nhật Bản
  • Paypal Account: ddnbgroup@yahoo.co.jp
[Research] JavaSnoop: How to hack anything in Java
« vào lúc: Thứ bảy, 5/12/2015, 09:42:10 am »


Many applications in the enterprise world feature thick Java clients.
Testing the security of such applications is considered practically more difficult
than a similar browser-based client because inspecting, intercepting and altering
application data is easy in the browser. With DOM inspection tools like Firebug
and WebKit Web Inspector, and HTTP proxy tools such as WebScarab, Fiddler
and Burp, assessing the trust boundary between the client and server has
become mostly commoditized in web applications.

Security practitioners have been struggling to reach the same level of
effectiveness when testing thick Java clients. Researchers have previously tried
to statically alter the application code through decompilation and recompilation
to add BeanShell script “hooks”. Also, work has been done to create proxies
that can parse simple serialized objects, a common way of sending data between
a Java client and server.

The purpose of this paper is to describe an alternate approach to testing the
security of a Java application. This approach utilizes instrumentation and Java
agents to make altering traffic, inspecting data and otherwise attacking a Java
application endpoint much easier than ever before. The implementation of this
approach is a tool called JavaSnoop.

Keywords: application security, instrumentation, agent, Java, virtual machine.

Bạn không thể xem liên kết này. <a href="https://diendannhatban.info/index.php?PHPSESSID=j8b5segvtn4v5ip3p8togma067&amp;action=register">Đăng ký</a>&nbsp;hoặc&nbsp;<a href="https://diendannhatban.info/index.php?PHPSESSID=j8b5segvtn4v5ip3p8togma067&amp;action=login">Đăng nhập</a>
« Sửa lần cuối: Thứ sáu, 30/10/2020, 09:02:49 am gửi bởi admin »