SecureJBoss

    Securing JBoss Application Server

    Securing JBoss Application Server v7.0

     

    Please visit Securing the Management Interfaces.

    And also Hardening Guidelines - JBoss AS 7.2

    Securing JBoss AS v6.x or v5.x

     

    Premise

     

    When you first download JBoss, it comes as an easy-to-install zip file.  Upon installation, you can easily deploy EJBs, web applications and a whole array of services.  However, you may be surprised how easy it is to compromise the services.  JBossSX can fix that by securing those functions.

     

    These are the steps to secure the default download of JBoss:

     

     

    Related

     

    http://sourceforge.net/docman/display_doc.php?docid=20143&group_id=22866

    (DE) http://www.redteam-pentesting.de/publications/2009-06-03-Whitepaper_Whos-the-JBoss-now_RedTeam-Pentesting.pdf

    (EN) http://www.redteam-pentesting.de/publications/2009-11-30-Whitepaper_Whos-the-JBoss-now_RedTeam-Pentesting_EN.pdf