1,105,625 Community Members

JSP/Java/Tomcat Website Hacking

Member Avatar
AshtonHogan
Posting Whiz in Training
209 posts since Jul 2009
Reputation Points: -3 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi,

Does anyone know where I can read about ways to protect a website from potential threats? i.e. SQL Injection, etc. In particular, a website using HTML/JSP/Servlets/Java/Tomcat.

Thanks,
Ashton.

Member Avatar
peter_budo
Code tags enforcer
7,935 posts since Dec 2004
Reputation Points: 2,502 [?]
Q&As Helped to Solve: 1,028 [?]
Skill Endorsements: 66 [?]
Moderator
Featured
 
0
 

1. Your Tomcat should be running on Apache server, do not expose Tomcat directly to user
2. Do not run servers as root user, create specific user for it with certain set of privileges
3. Close connection to your database from outside and use localhost for connection
4. If you need to manipulate database learn how to do it from command line or learn how to use ssh to get you in touch with DB and set GUI tool access
5. You can always google for sql injection test, sql injection prevention java. First step ca be using PreparedStatement instead of plane statement, or even better learn Hibernate (HTML or PDF tutorial)

Member Avatar
AshtonHogan
Posting Whiz in Training
209 posts since Jul 2009
Reputation Points: -3 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

Thanks.

I was hoping for something more though. I know that there's a list of possible ways that you didn't mention, for example "Cookie Poisoning" - I just want to know all the possible risks out there.

Member Avatar
~s.o.s~
Failure as a human
10,399 posts since Jun 2006
Reputation Points: 2,496 [?]
Q&As Helped to Solve: 992 [?]
Skill Endorsements: 72 [?]
Administrator
Featured
 
0
 
Member Avatar
AshtonHogan
Posting Whiz in Training
209 posts since Jul 2009
Reputation Points: -3 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

That doesn't exactly help...

Member Avatar
~s.o.s~
Failure as a human
10,399 posts since Jun 2006
Reputation Points: 2,496 [?]
Q&As Helped to Solve: 992 [?]
Skill Endorsements: 72 [?]
Administrator
Featured
 
0
 

You asked:

Does anyone know where I can read about ways to protect a website from potential threats?

from the link I posted:

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks

Post a more specific question and you'll get a better reply. I hope you realize that without posting what you are already aware of, your question is open to all sorts of suggestions/links, no?

Member Avatar
AshtonHogan
Posting Whiz in Training
209 posts since Jul 2009
Reputation Points: -3 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
-1
 

lol if you can't answer the question let someone else answer.

Member Avatar
~s.o.s~
Failure as a human
10,399 posts since Jun 2006
Reputation Points: 2,496 [?]
Q&As Helped to Solve: 992 [?]
Skill Endorsements: 72 [?]
Administrator
Featured
 
1
 

Indeed, I shouldn't have answered this question; from your posting history it seems that you have a knack for biting the hand which tries to help you. Enjoy the ignorance and the bliss which comes with it I guess...

Member Avatar
AshtonHogan
Posting Whiz in Training
209 posts since Jul 2009
Reputation Points: -3 [?]
Q&As Helped to Solve: 1 [?]
Skill Endorsements: 0 [?]
 
0
 

Haha

Member Avatar
peter_budo
Code tags enforcer
7,935 posts since Dec 2004
Reputation Points: 2,502 [?]
Q&As Helped to Solve: 1,028 [?]
Skill Endorsements: 66 [?]
Moderator
Featured
 
0
 

Well I gave my guidance, but guess this guy need spoon-feeding. No thank you, I'm not babysitter.
Ashton continue behave like this and you will see only doors of this forum

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: