Hi devs, I've been investigating Apache Tomcat within my Bachelor's thesis "Application of security test tools in open source" at the Free University of Berlin (FU Berlin) [1]. Basically, I am looking for security measures which have been taken to prevent security leaks/vulnerabilities especially with security test tools
Apache Tomcat is a extremely popular servlet engine. The nature of the application offers to compromise the web apps and reveal sensitive data. It does not seem that Tomcat cannot be tested the classic way web apps are, e.g. testing with fuzzer for SQL injection, parameter tampering, path traversal etc. So far, I have search the repository and the ant build.xml, the homepage and the mailing list.The homepage and mailing list revealed no information at all to me. I did find that you refer to security audit conducted against the 5.0 codebase [2]. Unfortunately, no information was given what was found and what measures have been taken afterwards. Security advisories are taken up by a security team [3]. Does this team or any other group/person take any measures to assure security with testing tools, with a special test plan or functional requirements? Thanks in advance, Michael [1] https://www.inf.fu-berlin.de/w/SE/ThesisFOSSSecurityTools [2] http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html [3] http://tomcat.apache.org/security-6.html -- <NO> OOXML - Say NO To Microsoft Office broken standard http://www.noooxml.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
