A possible attack path during a penetration test is having access to the administrative console of a JAVA Application Server (like WAS, JBOSS and Tomcat) installed on a Windows server with default or guessable (e.g. through brute-force) administrative credentials.
Just a way around Apache Tomcat "brute-forcing" delay mechanism...
Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people that often have different knowledge and perspective for information security within the organization. It is neither a fixed cost nor a fixed duration project; rather an on-going business program with strategy, plans, objectives and stakeholders.
Today’s vendor driven approach to cybersecurity which continues to add more and more layers, is not sustainable. With a mathematical certainty every security model will inevitably fail at least once, regardless of the defense and technology sophistication involved.
George Patsis @CRESTCON & IISP Congress gave an interview regarding the current state of information security, today's threatscape and a discussion on the cyber industry.
Obrela Security Industries has the pleasure to invite you to visit our stand at CRESTCon & IISP Congress 2017, which will take place on Wednesday 19 April 2017, at Royal College of Surgeons, London UK. CRESTCon & IISP Congress is a unique event that brings together leading technical and business information security professionals. Now in its fifth year, the event has become a key date in the industry calendar, attracting an impressive line-up of speakers and over 400 senior delegates.