Examples for security vulnerabilities of web applications
Posted by eichelgartenweg on 8:58 AM with 1 comment
Last week I found a quite good PDF about security vulnerabilities of web applications.
It's a document from IBM for their software AppScan, which is a security scanner for web apps.
The doc contains several examples (e.g. for cross-site scripting, SQL Injection, Failure to Restrict URL Access, Improper Error Handling, ...).
Download it here:
http://eichelgartenweg.googlepages.com/107647_may_06appscan_final.pdf
[or google for it]
Categories: Cross-site scripting, Flaws, Injection, Malicious File Execution, Security, security vulnerability, WebSphere, xss
When I deploy a portlet (the weather portlet, for example) for Liferay 5.1.2 in WebSphere 6.1, I get this incompatibility error in the logs:
[20/04/09 20:39:07:948 WET] 00000055 SystemOut O 20:39:07,874 ERROR [jsp:52] java.lang.ClassCastException: com.liferay.portlet.RenderRequestImpl incompatible with com.ibm.wsspi.portletcontainer.wrapper.PortletRequestWrapper
at com.ibm.ws.portletcontainer.core.CoreUtils.getInternalRequest(CoreUtils.java:24)
at com.ibm.ws.portletcontainer.core.impl.ServletInvocationListenerImpl.getInternalPortletRequest(ServletInvocationListenerImpl.java:66)
at com.ibm.ws.portletcontainer.core.impl.ServletInvocationListenerImpl.onServletFinishService(ServletInvocationListenerImpl.java:50)
at com.ibm.ws.webcontainer.webapp.FireOnServletFinishService.fireEvent(WebAppEventSource.java:333)
at com.ibm.ws.webcontainer.util.EventListeners.fireEvent(EventListeners.java:48)
at com.ibm.ws.webcontainer.webapp.WebAppEventSource.onServletFinishService(WebAppEventSource.java:116)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1060)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:907)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:118)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:696)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:641)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:475)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
at com.ibm.wsspi.webcontainer.servlet.GenericServletWrapper.handleRequest(GenericServletWrapper.java:115)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.include(WebAppRequestDispatcher.java:606)
at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:575)
at com.liferay.portlet.InvokerPortletImpl.invokeRender(InvokerPortletImpl.java:646)
at com.liferay.portlet.InvokerPortletImpl.render(InvokerPortletImpl.java:414)
at com.ibm._jsp._render_5F_portlet._jspService(_render_5F_portlet.java:1369)
I want to know if there is a solution to this problem. Thank you for your help.