Company: Amdocs
The role (project title): Java Web Firewall
Categories: Security, Communication networks
General background: Amdocs products use a client-server architecture in which the client uses Java Web Start and JNLP technologies. The client is a UI application that uses Java to send serialized Java objects to the Amdocs server. The problem with Java serialization is that it is hard to monitor the traffic (unlike more modern UI approaches such as HTML5) and to alert on security threats such as SQL injection and XSS.
Project Objective: The students will need to combine the following technologies in order to build a tool that will protect Amdocs servers:
1. Use a flexible open source proxy (sniffer) tool to intercept the traffic from the client to the server. We recommend the Burp proxy tool, since it has a convenient extension for Java deserialization classes.
2. Use an extension to the proxy tool to deserialize Java objects from the network traffic. We need to make sure that the extension uses the Amdocs JARs for deserialization.
3. Send the deserialized objects to open source security scanning software. We recommend ModSecurity for that.
4. Analyze the results from the security scanning software, and report back in case of a problem (using the UI and an alert based on email or SNMP).
The students will have to learn the Burp extension and check whether there are better alternatives. The same applies to ModSecurity.
Responsibilities: Develop the Java Web Security module. The module should be able to intercept and alert on known SQL injection and XSS vulnerabilities.
Requirements: Programming skills in Java; an application security background is an advantage.
Contact details: Dani Livne [email protected] 09-7762676, 052-4474243