
RE: J2EE Security Training

Subject: RE: J2EE Security Training
Date: Wed, 26 Jan 2005 16:57:31 -0500
I looked at their site. Ya know.. The one thing that makes me laugh at
some of the security firms is how they give up information that everybody
knows you should protect.

Off their own page:
http://www.paladion.net/customers/success_stories/application_security_audit.htm

"The client we refer to in this 'success story' is one of India's leading 
public sector banks. The bank recently launched a centralized banking solution 
through which their branches and automatic teller machines, spread across the 
country, are networked."



"Application architecture
The application has two major components:

The core banking system (CBS) connects the various branches and keeps track of 
all corporate banking data. The branches connect to a local server, which in 
turn connects to a central server running the application. This synchronization 
happens in real time. If there is a downtime the local server updates the data 
with the central server the next time it connects. The CBS database runs on 
Oracle, running on AIX. The local databases are also Oracle databases, but 
running on Win 2K. The interface for the end customer is via the web.

The retail banking component takes care of branch operations; it fully 
automates the branch operations. End users at the bank get a web interface to 
interact with the application. This is the interface with which customers can 
do Internet banking / phone banking / ATM operations. The branch-level 
operations are also handled by this method. The components include a branch 
server, which is an IIS web server, a communication server and the Oracle 
database. The communication server is responsible for communication with the 
central server."


A gift for hackers, by a security firm. Have to love it.

Jeffrey 

-----Original Message-----
From: Donald Philip [mailto:donald.philip@gmail.com]
Sent: Wednesday, January 26, 2005 09:33 AM
To: SECPROG@securityfocus.com
Subject: Re: J2EE Security Training


I attended a 2-day course on J2EE Security by Paladion (
http://www.paladion.net ) six months ago. That was a SANS-style public
program, but I know they offer on-site versions of the classes too.

The classes discussed common mistakes in J2EE applications and how to
avoid them. I have worked with servlets for 6 years and still found it
useful.

Donald.


-----Original Message-----
From: bsec@cotse.net [mailto:bsec@cotse.net] 
Sent: Tuesday, January 25, 2005 1:44 PM
To: SECPROG@SECURITYFOCUS.COM
Subject: J2EE Security Training

Greetings list,

Has anyone had a company come on-site to provide security training to
J2EE application developers?  I'm trying to find a consultant or
training company to provide a 2-3 day course on how to write secure
code in the J2EE environment.

Thanks in advance,
-Brett
