Diễn đàn Nhật Bản - diendannhatban.info


Topic: [Research] JavaSnoop: How to hack anything in Java  (Read 1084 times)


[Research] JavaSnoop: How to hack anything in Java
« on: Saturday, 5/12/2015, 09:42:10 am »



Many applications in the enterprise world feature thick Java clients.
Testing the security of such applications is considered practically more difficult
than a similar browser-based client because inspecting, intercepting and altering
application data is easy in the browser. With DOM inspection tools like Firebug
and WebKit Web Inspector, and HTTP proxy tools such as WebScarab, Fiddler
and Burp, assessing the trust boundary between the client and server has
become mostly commoditized in web applications.

Security practitioners have been struggling to reach the same level of
effectiveness when testing thick Java clients. Researchers have previously tried
to statically alter the application code through decompilation and recompilation
to add BeanShell script “hooks”. Also, work has been done to create proxies
that can parse simple serialized objects, a common way of sending data between
a Java client and server.

The purpose of this paper is to describe an alternate approach to testing the
security of a Java application. This approach utilizes instrumentation and Java
agents to make altering traffic, inspecting data and otherwise attacking a Java
application endpoint much easier than ever before. The implementation of this
approach is a tool called JavaSnoop.

Keywords: application security, instrumentation, agent, Java, virtual machine.
