Corsaire White Paper: Assessing Java Clients with the BeanShell

[Stephen de Vries <stephen () corsaire com>]

http://www.corsaire.com/white-papers/060816-assessing-java-clients- 
with-the-beanshell.pdf
Assessing the security of Java applications, and particularly client- 
server applications, can be a tedious process of modifying the code,  
compiling, deploying, testing and repeat. This becomes even more  
difficult when the source code to the application is not available.  
What security testers require is an easy means of interacting with  
the internals of a Java application during execution without  
recompiling the code.

The BeanShell (http://www.beanshell.org) provides an interpreted,  
scripting environment that can plug in to any Java application or  
applet and allows users to inspect and manipulate objects  
dynamically. This paper demonstrates a technique for using the  
BeanShell to assess the security of a typical Java client-server  
application.



--
Stephen de Vries
Corsaire Ltd
E-mail: stephen () corsaire com
Tel:    +44 1483 226014
Fax:    +44 1483 226068
Web:    http://www.corsaire.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
 
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------