SecureJBoss

Securing JBoss Application Server

Securing JBoss Application Server v7.0

Please visit Securing the Management Interfaces.

See also Hardening Guidelines - JBoss AS 7.2.

Securing JBoss AS v6.x or v5.x

Premise

When you first download JBoss, it comes as an easy-to-install zip file. Upon installation, you can easily deploy EJBs, web applications and a whole array of services. However, you may be surprised how easy it is to compromise the services. JBossSX can fix that by securing those functions.

These are the steps to secure the default download of JBoss:

Related

http://sourceforge.net/docman/display_doc.php?docid=20143&group_id=22866

(DE) http://www.redteam-pentesting.de/publications/2009-06-03-Whitepaper_Whos-the-JBoss-now_RedTeam-Pentesting.pdf

(EN) http://www.redteam-pentesting.de/publications/2009-11-30-Whitepaper_Whos-the-JBoss-now_RedTeam-Pentesting_EN.pdf