Security tools for audit and penetration testing weblogic server 10.3.5.0 and other

Hi all,
Could you please recommend the best software for auditing and penetration testing WebLogic Server 10.3.5 (scanning the machine to find vulnerabilities and insecure configuration in WebLogic Server)?
Thanks for your attention.
Good luck

This is a good one
IBM developerWorks : Download : IBM Security AppScan V8.8

Similar Messages

  • What is the best cleanup/security tool for Lion

    I am looking for a good cleanup/security tool for my iMac. Specifically for Lion. Any recommendations or horror stories will be appreciated.

    Anti-virus is not necessary unless you have Windows installed on a separate partition.  Security tools aren't necessary either.  You are on a Mac, not a PC.  Totally different worlds.  You can download Disk Doctor from the App Store for 99 cents.  And if you insist on an A/V program, install ClamXav (it's free; do a Google search for it).

  • When trying to download apps on my new iPad I keep getting prompted to update my security questions for my safety. When I choose this option it freezes and won't load the questions, however, when I hit not now it won't let me download. What do I do?

    When trying to download apps on my new iPad I keep getting prompted to update my security questions for my safety. When I choose this option it freezes and won't load the questions, however, when I hit not now it won't let me download. What do I do?

    Reboot your iPad and then see if you can set the security questions.
    Reboot the iPad by holding down on the sleep and home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons.

  • How to speed up frequent undeploy and deploy on weblogic server ?

    We have one web application deployed on a Weblogic Server (10.3).
    We use ANT and the wldeploy task ( http://download.oracle.com/docs/cd/E13222_01/wls/docs90/programming/wldeploy.html ) to UNDEPLOY and DEPLOY (frequently) the webapp.
    It seems to us that the entire process (RECOMPILE -> make WAR -> UNDEPLOY -> DEPLOY), which is completely automatic (done by ANT), is too slow (about 1 minute), especially the DEPLOY step.
    Are there any tricks to speed up the entire process?
    We have 4/5 notebooks (the developers' PCs) and 1 remote WebLogic Server.
    (SORRY, can an admin move this thread to the WebLogic Server forum? Thanks)
    Edited by: user3873926 on 29-ott-2009 9.21

    Just a suggestion: Try using iWS6.0SP2, it has some performance improvements.

  • How to install and configure ms exchange server 2007 both role hub and edge transport role in one network

    How to install and configure ms exchange server 2007 both role hub and edge transport role in one network 

    Hi,
    The Edge role is designed for perimeter networks, to keep security risks to a minimum.  So it’s not recommended to have the Edge role in the internal network. You must have a separate network or subnet for Edge services.
    If you are playing around with it in a lab, then you can put the Edge role within the same subnet as the other Exchange roles, and there are no specific requirements in that case.
    Thanks.
    MachPanel - Premium Cloud Automation Solution

  • Generating Security Events for Auditing Purposes

    Hello! What I’m writing about today concerns generating events in the Security Log on Win2008 R2 for auditing purposes. Information on this specific action is fairly scarce online, from what I’ve seen, after some extensive searching.
    If there were a utility that would facilitate this, that would be ideal, but I’m not seeing anything of that nature. I see that there are some APIs (e.g. AuthzReportSecurityEvent) that allow this sort of thing, but I’m not quite sure where to start with those.
    I pick up most programming things pretty quickly, but I’ve not done anything with C# or .NET before.
    My initial thought was to use eventcreate and write a simple batch file to generate a bunch of events, but eventcreate turned out to be a dead end, since I need to audit occurrences of lots of events in the 4XXX range, like 4726.
    I then tried PowerShell (New-EventLog -LogName Security -Source "TEST" then
    Write-EventLog -LogName Security -Source "TEST" -EntryType Information -EventID 1 -Message "TESTING") but with the Security log being locked down that won’t fly.
    I tried giving myself full rights on the eventlog registry key and the security key specifically, but that didn't work. Is there something obvious that I'm missing?
    If I need to call the APIs with a script or application of some sort (ideally a script), I can look into that, but I’m afraid that I’m rather puzzled on how to start.
    Thank you very much for your time!

    Hi,
    If you want to get a scripting solution, I would suggest you refer to
    The Official Scripting Guys Forum to get professional support:
    The Official Scripting Guys Forum
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
    In addition, you can also configure email notifications on specific events IDs:
    Getting event log contents by email on an event log trigger
    http://blogs.technet.com/b/jhoward/archive/2010/06/16/getting-event-log-contents-by-email-on-an-event-log-trigger.aspx
    E-mail Notification of Security events
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/37a54113-e53f-4024-ae4b-59ab18be62fd/email-notification-of-security-events?forum=winserverDS
    Best Regards,
    Amy Wang

  • Testing weblogic server with jdk1.4b3 -- how to configure login security manager?

    Hi, I got the error included below when trying to start weblogic server sp1 with the new jdk1.4b3.
    Since it seems just an error of authentication, I'm wondering if it is possible
    to give a correct login configuration.
    It's just a test to see if we can use jdk1.4 for our next project with Bea Weblogic.
    Thanks,
    pakkio
    D:\bea\wlserver6.0\config\mydomain>notepad startWebLogic.cmd
    D:\bea\wlserver6.0>set PATH=.\bin;d:\apps\Oracle\Ora81\bin;C:\Programmi\Oracle\j
    re\1.1.7\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;d:\apps\Ora
    cle\Ora81\orb\bin;d:\apps\SSH
    D:\bea\wlserver6.0>set CLASSPATH=d:\bea\wlserver6.0.;D:\bea\wlser
    ver6.0\config\mydomain\applications\DefaultWebApp_myserver\WEB-INF\classes\lib\mail.jar;D:\bea\wlserver6.0\config\mydomain\applications\DefaultWebApp_myserver\W
    EB-INF\lib\jasper.jar;.\lib\weblogic_sp.jar;.\lib\weblogic.jar
    La sintassi del nome del file, della directory o del volume è incorretta.
    D:\bea\wlserver6.0>"D:\apps\jdk14b3\bin\java" -hotspot -ms64m -mx64m -classpath
    d:\bea\wlserver6.0\ext\crack.jar;.;D:\bea\wlserver6.0\config\mydomain\applicatio
    ns\DefaultWebApp_myserver\WEB-INF\classes\lib\mail.jar;D:\bea\wlserver6.0\config
    \mydomain\applications\DefaultWebApp_myserver\WEB-INF\lib\jasper.jar;.\lib\weblo
    gic_sp.jar;.\lib\weblogic.jar -Dweblogic.Domain=mydomain -Dweblogic.Name=myserve
    r "-Dbea.home=D:\bea" weblogic.Server
    java.lang.SecurityException: Impossibile trovare una configurazione di login
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:99)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstruct
    orAccessorImpl.java:42)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingC
    onstructorAccessorImpl.java:30)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:277)
    at java.lang.Class.newInstance0(Class.java:301)
    at java.lang.Class.newInstance(Class.java:254)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:223)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.Configuration.getConfiguration(Configuratio
    n.java:217)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:172)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.init(LoginContext.java:169)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:395)
    at weblogic.security.internal.ServerAuthenticate.main(ServerAuthenticate
    .java:80)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:167)
    at weblogic.Server.main(Server.java:35)
    Caused by: java.io.IOException: Impossibile trovare una configurazione di login
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:208)
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
    ... 16 more

    Did you find any solution? We have the same problem: If we define a realm in weblogic-application.xml
    <security>
    <!--
    This element names a security realm that will be used by the
    application. If no specified, then the system default realm will be
    used
    -->
    <realm-name>dmzrealm</realm-name>
    </security>
    then the following exception is logged even if there is a dmzrealm in our Weblogic configuration:
    weblogic.security.service.InvalidParameterException: [Security:090396]Security Realm dmzrealm does not exist
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.getSecurityServiceInternal(CommonSecurityServiceManagerDelegateImpl.java:279)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.getSecurityService(CommonSecurityServiceManagerDelegateImpl.java:225)
    at weblogic.security.service.SecurityServiceManager.getSecurityService(SecurityServiceManager.java:188)
    at weblogic.application.internal.flow.SecurityRoleFlow.initSecurityService(SecurityRoleFlow.java:133)
    at weblogic.application.internal.flow.SecurityRoleFlow.prepare(SecurityRoleFlow.java:79)
    Truncated. see log file for complete stacktrace

  • Weblogic 8.1 and Eclipse using Weblogic Server Tools

    I am working on a project that has been developed with Weblogic 8.1 without integration into an IDE (Eclipse, etc.). We are trying to convert the source tree to a form usable within Eclipse using Weblogic Server Tools. We want to make deployment on developer workstations quicker and easier and provide for server-side debugging. There is not much documentation on how to do this that I have been able to find. I have just finished reading the details of the split directory structure in the Weblogic documentation and understand that Server Tools uses the split directory concept. My question is basically how we create the project in Eclipse (with Server Tools plug-ins) initially. Is anyone out there still using Weblogic 8.1 and Eclipse 3.3 (Europa) using Weblogic Server Tools that can help?

    There isn't much in a way of documentation that's explicit to WebLogic Server Tools, but a lot of Workshop 10.2 documentation applies. Basically, you will want to create Dynamic Web Projects to house your code. On the first page of Dynamic Web Project wizard, you will get a chance to define and target a server (WLS 8.1 in your case). That will configure your project classpath for WLS 8.1 and get everything else squared away.
    Note that there is only very basic support for 8.1. In particular, the split-directory concept is not supported, but deployment is taken care of for you behind the scenes, so the details shouldn't matter that much.

  • Problems unwrapping SPNEGO token for Single Signon (SSO) in WebLogic Server

    First of all, a quick description of our issue. We’ve tried many different things, but cannot get WebLogic to unwrap the SPNEGO token so it authenticates using Kerberos. We received several errors while trying to debug, here’s the one we see most:
    KDC has no support for encryption type (14)
    But we doubt it has anything to do with the encryption type, as these are set correctly everywhere.
    We’ve tried following some of the instructions on the BEA website (which contain several errors).
    One of them was also adding a host/ SPN (in krb5login.conf) but then, when using HTTP/ SPN we get the following error (it seems with multiple SPN’s it only takes the first or last SPN that was set):
    Client not found in Kerberos database (6)
    Next try was using the host/ SPN but that results in the following error:
    Integrity check on decrypted field failed (31)
    We’ve tried changing the default_enctypes in KRB5.INI (We’ve removed the entries, and also tried only DESCBC_MD5 and DES_CBC_CRC) but that did not change the behaviour.
    We’ve tried adding the AllowTGTSessionKey registry key on client and server, but that didn’t change it either.
    We are not sure what details you need for this to debug, so here’s what we’ve done to install the environment (please note that ip-addresses, domain, client and server names are made up and are different in real-life),
    We have two domains:
    Domain1 (DOMAIN1.COM) contains:
    Domain Controller      “AD1”      with IP 192.168.0.1
    Domain Controller      “AD2”      with IP 192.168.1.1
    Client           “Client1”      with IP 192.168.2.1
    Domain2 (DOMAIN2.COM) contains:
    Domain Controller      “AD3”      with IP 10.0.0.1
    Server (WebLogic)     “Server1”      with IP 10.0.1.2
    Between Domain1 and Domain2 a firewall exists in which we’ve opened the relevant ports like LDAP (TCP 389), Kerberos (UDP 88), WebLogic (7001/7002). We do not see any firewall blocks on other ports…
    We’ve configured AD1 (Microsoft AD with KDC) as follows:
    1. Account “SSOAccountAD” created
    2. Password never expires
    3. DES encryption on
    4. Do not require Kerberos preauthentication off
    5. Password “Password” was reset several times
    6. ServicePrincipalName was set using this
        setspn -A HTTP/Server1.DOMAIN1.COM SSOAccountAD
    7. ServicePrincipalName on AD1 was checked (and found to be ok) using this command:
        setspn -L SSOAccountAD
    8. KTPass was executed:
        ktpass -princ HTTP/[email protected] -mapuser SSOAccountAD -pass Password
    9. User Logon name was checked, it's set to "HTTP/Server1"
    10. ServicePrincipalName on AD2 was checked (and found to be ok) using this command:
        setspn -L SSOAccountAD
    We’ve configured the WebLogic Server (Server1) as follows:
    1. LDAP authentication was activated and test ok
    2. Single Pass Negotiate Identity Asserter was created with Chosen Type “Authorization”
    3. KRB5.INI file was created and added to %windir% (and C:\WINNT folder to be able to test with Java ktab and kinit which do not look in the %windir% folder):
    [libdefaults]
    default_realm = DOMAIN1.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_tkt_enctypes=DES-CBC-CRC
    default_tgs_enctypes=DES-CBC-CRC
    [realms]
    DOMAIN1.COM = {
    kdc = 192.168.0.1
    admin_server = 192.168.0.1
    default_domain = DOMAIN1.COM
    }
    [domain_realm]
    .domain1.com = DOMAIN1.COM
    domain1.com = DOMAIN1.COM
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true
    4. We’ve installed JDK 1.5.0.12: jdk-1_5_0_12-windows-i586-p.exe
    5. Keytab File was created (with password “Password”):
        ktab -k SSOKeyTabFile -a HTTP/[email protected]
    6. Keytab File and Kerberos communication was tested using:
        kinit -k -t SSOKeyTabFile HTTP/[email protected]
    7. Keytab File and Kerberos communication was tested using Java (incl. Debugging):
        java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit -k -t SSOKeyTabFile HTTP/[email protected]
    8. Keytab was listed:
        java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Klist
    9. SSOKeyTabFile was copied to the WebLogic ProductionDomain folder
    10. The krb5login.conf file was created and copied to the WebLogic ProductionDomain folder:
    com.sun.security.jgss.initiate {
         com.sun.security.auth.module.Krb5LoginModule required
         principal="HTTP/[email protected]" useKeyTab=true
         keyTab=SSOKeyTabFile storeKey=true debug=true;
    };
    com.sun.security.jgss.accept {
         com.sun.security.auth.module.Krb5LoginModule required
         principal=" HTTP/[email protected] " useKeyTab=true
         keyTab=SSOKeyTabFile storeKey=true debug=true;
    };
    11. WebLogic service and startWeblogic.cmd were modified with the following parameters:
    -Djava.security.krb5.realm=DOMAIN1.COM
    -Djava.security.krb5.kdc=192.168.0.1
    -Djava.security.auth.login.config=<ProductionFolder>\krb5login.conf
    -Djavax.security.auth.useSubjectCredsOnly=false
    -Dweblogic.security.enableNegotiate=true
    -DDebugSecurityAdjudicator=true
    -Dweblogic.debug.DebugSecurityAtn=true
    -Dweblogic.debug.DebugSecurityAtz=true
    -Dweblogic.Debug.DebugSecurityATN=true
    -Dweblogic.StdoutSeverityLevel=64
    -Dweblogic.StdoutDebugEnabled=true
    For the client pc (Client1) we’ve checked the browser settings:
         Automatic Logon only in Intranet Zone
         Enable Integrated Windows Authentication
    On the client we’ve used “kerbtray.exe” to see whether a kerberos token is created, and it is (although with the full domain name, HTTP/Server1.domain1.com).
    We’ve checked for Kerberos communication with Wireshark and see that the client does communicate, and passes the SPNEGO token to the WebLogic server, but we do not see any Kerberos communication on the WebLogic server. The server simply requests Authorisation again…
    If required we have the full wireshark traces of the WebLogic Server and the Client. We also have very detailed WebLogic tracing which I can provide.
    Any thoughts?
    Kind Regards,
    Nika.

    It turned out to be solved by removing the SSOAccount in AD and recreating it (including re-setting the password, which had already been done several times).
    Regards,
    Nika.

  • Problem to deploy to a WebService interface for ADF Business Components to Weblogic Server

    Hi,
    I'm trying to deploy a custom application, in which I have exposed ADF Business Components through a WebService interface, to a standalone WebLogic server.
    Application Module is configured with a Service Interface for ordinary ViewObjects.
    Now I want to create an EAR file of this application to deploy it on the WebLogic server.
    But I got an error while deploying it. The error I am getting is shown below.
    ERROR: No Java EE modules detected in EAR archive. Deployment aborted. == (oracle.jdevimpl.deploy.ear.WeblogicAssembler)
    I have followed the steps mentioned in the link below:
    http://technology.amis.nl/2010/12/29/quickly-creating-reploying-and-testing-a-webservice-interface-for-adf-business-components/
    I'm using JDeveloper 11.1.2.4 on Windows.
    Please suggest what I could be doing wrong.
    Regards,
    Himanshu

    Does the deployment profile include Java EE modules?
    Refer
    Java EE Developer: ERROR: No j2ee modules detected in EAR archive. Deployment aborted. == (oracle.jdeveloper.deploy.Veto…

  • ADF security : How to get fnd_users list in weblogic server

    Hi All,
    I have a question related to ADF security.
    I am able to apply ADF security to the application, where users information and roles are defined in jazn.xml file.
    On deployment, users/ roles information is being successfully ported to weblogic server.
    But my requirement is to fetch users information from fnd_users table. If you have any idea as how to get the fnd_users data to weblogic, please reply.
    Thanks,
    Randhir

    Thanks John.
    I went through the link and got steps for authentication with fnd_users.
    I have one more question on this.
    Do I need to enable jazn.xml for implementing security or only the steps given in this link is sufficient?
    Since roles are also stored into fnd table, how to secure the taskflow? (roles are not defined in jazn.xml)

  • Difference between Enterprise Standalone and Enterprise on Weblogic Server

    Hi,
    If I test my process on Standalone Enterprise Server and then test the same process on Enterprise Server on Weblogic (WLS), will there be any difference in my testing? Will I receive different results or would the results be the same?

    Hi,
    In Studio, in project preferences under General, you have a check box that says something like Development for J2EE, which you should check if you are going to deploy to WLS or WAS. But there is no reason why something developed for StandAlone is not going to work in J2EE.
    HTH

  • How to know report server name in oracle forms and reports with weblogic server 10.3.5

    Hello Experts, I am new to Oracle Forms and Reports. I have installed Oracle Forms 11g with WebLogic Server 10.3.5 on Windows 7. Forms and Reports are working well. But I want to call a report from an Oracle form button press trigger. For this I need to know my report server name, which I don't know. Please tell me how I can find out my report server name.

    I want to call a report from an oracle form button press trigger. For This I need to know the my report server name
    You can find the name of the standalone reports server in $ORACLE_INSTANCE/config/ReportsServerComponent.
    Or you can use Fusion Middleware Control Console, normally at  http://<machine name>:7001/em

  • Forms and Reports in Weblogic Server 12c?

    I'm trying to determine if Forms and Reports 11g are supported in Weblogic Server 12c.  I have found numerous questions from years ago indicating that that was not the case then, but I also found a few posts that indicated that this support would be added in the future.  I am unable to find any recent posts to confirm this nor do I see anything in the certification matrices that lead me to believe that this is a supported configuration.  Can anyone give a definitive answer?


  • IWeb's blogs and Apple's weblog server

    Has anyone looked at the use of iWeb/blogs and Apple's web log server app on the server side? The more I use iWeb for a personal project on my .mac acct, I think about using it in combination with our Apple Xserve/ OS X Server at work. But the two (iWeb and OS X Server weblog server) seem like conflicting applications? Comments?

    acct, I think about using it in combination with our
    Apple Xserve/ OS X Server at work.
    You should be able to use iWeb blogs on your own server, but you won't be able to have comments and attachments; those functions are disabled when you publish to a folder.
    Comments and attachments use some special webojbect+ js, append the following to your summary or .Mac blog page and you'll see what I mean.
    blog_page.html?wsc=enrty.js
    blog_summary.html?wsc=summary.js
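
The SPNEGO/Kerberos thread above configures two files by hand, KRB5.INI and the JAAS krb5login.conf. As an added example (not part of any post on this page), here is a small Python linter for those two formats that flags DES-only enctype settings, blocks that are never closed, and quoted option values padded with whitespace. The function names, the realm EXAMPLE.TEST, the host names and the sample input are constructed for illustration.

```python
import re

# Single-DES enctypes, deprecated by RFC 6649; a KDC that refuses them
# answers with error 14 (KDC_ERR_ETYPE_NOSUPP).
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}
JAAS_ENTRY = re.compile(r"([\w.]+)\s*\{(.*?)\}\s*;", re.S)


def lint_krb5_ini(text):
    """Return (line_number, message) findings for a krb5.ini body."""
    findings, section, depth, no = [], None, 0, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            if depth > 0:  # a "REALM = {" block was never closed
                findings.append((no, "unclosed '{' before [%s]" % header.group(1)))
            section, depth = header.group(1), 0
            continue
        depth += line.count("{") - line.count("}")
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if section == "libdefaults" and key in ENCTYPE_KEYS:
            types = [t.lower() for t in re.split(r"[,\s]+", value.strip()) if t]
            if types and all(t in WEAK_ENCTYPES for t in types):
                findings.append((no, "%s permits only single-DES" % key))
    if depth > 0:
        findings.append((no, "unclosed '{' at end of file"))
    return findings


def lint_jaas(text):
    """Return findings for a JAAS login configuration (krb5login.conf)."""
    findings = []
    for name, body in JAAS_ENTRY.findall(text):
        if "{" in body:  # the next entry started before this one ended
            findings.append("%s: no closing '};' before the next entry" % name)
        # Whitespace inside the quotes is kept as part of the option value.
        for opt, val in re.findall(r'(\w+)\s*=\s*"([^"]*)"', body):
            if val != val.strip():
                findings.append("%s: %s has leading/trailing whitespace" % (name, opt))
    return findings


# Constructed sample input, laid out like the files in the thread.
KRB5_SAMPLE = """\
[libdefaults]
default_realm = EXAMPLE.TEST
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
[realms]
EXAMPLE.TEST = {
kdc = 192.0.2.10
[domain_realm]
.example.test = EXAMPLE.TEST
"""
JAAS_SAMPLE = """\
com.sun.security.jgss.initiate {
  com.sun.security.auth.module.Krb5LoginModule required
  principal="HTTP/host.example.test@EXAMPLE.TEST" useKeyTab=true;
com.sun.security.jgss.accept {
  com.sun.security.auth.module.Krb5LoginModule required
  principal=" HTTP/host.example.test@EXAMPLE.TEST " useKeyTab=true;
};
"""

if __name__ == "__main__":
    for finding in lint_krb5_ini(KRB5_SAMPLE) + lint_jaas(JAAS_SAMPLE):
        print(finding)
```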
