Company: Amdocs

The role (project title): Java Web Firewall

Categories: Security, Communication networks

General background: Amdocs products use a client-server architecture in which the client uses Java Web Start and JNLP technologies. The client is a UI application that sends serialized Java objects to the Amdocs server. The problem with Java serialization is that the traffic is hard to monitor (unlike more modern UI approaches such as HTML5), which makes it hard to alert on security threats like SQL injection and XSS.

Project Objective: The students will need to combine the following technologies in order to build a tool that will protect Amdocs servers:

1. Use a flexible open source proxy (sniffer) tool to intercept the traffic from the client to the server. We recommend the Burp proxy tool, since it has a convenient extension for Java deserialization classes.
2. Use an extension to the proxy tool to deserialize Java objects from the network traffic. We need to make sure that the extension uses Amdocs JARs for deserialization.
3. Send the deserialized objects to open source security scanning software. We recommend ModSecurity for that.
4. Analyze the results from the security scanning software and report back in case of a problem (using the UI and an alert based on email or SNMP).

The students will have to learn the Burp extension and check whether there are better alternatives. The same applies to ModSecurity.

Responsibilities: Develop the Java Web Security module. The module should be able to intercept and alert on known SQL injection and XSS vulnerabilities.

Requirements: Programming skills in Java; an application security background is an advantage.

Contact details: Dani Livne [email protected] 09-7762676, 052-4474243
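
Steps 2 to 4 of the project objective, as an added sketch that is not Amdocs code and not a Burp or ModSecurity integration: a captured request body is deserialized behind an allow-list filter, its string fields are extracted, and each is checked against scan rules. The `CustomerQuery` class, the regex rules and the sample payload are constructed stand-ins; Java 9 or later is assumed for `ObjectInputFilter`.

```java
import java.io.*;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.*;
import java.util.regex.Pattern;

public class SerializedTrafficScan {
    // Constructed stand-in for a class that would be loaded from the application's JARs.
    static class CustomerQuery implements Serializable {
        String name; String comment;
        CustomerQuery(String n, String c) { name = n; comment = c; }
    }
    // Illustrative signatures only; the project would pass the strings to a rule engine instead.
    static final Map<String, Pattern> RULES = Map.of(
        "SQLi", Pattern.compile("(?i)('\\s*(or|and)\\s+\\S+\\s*=)|(union\\s+select)|(;\\s*drop\\s+table)"),
        "XSS", Pattern.compile("(?i)<\\s*script\\b|\\bon(error|load)\\s*=|javascript:"));

    // Deserialize with an allow-list so the inspection point accepts only expected classes.
    static Object decode(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                "SerializedTrafficScan$CustomerQuery;java.lang.*;maxdepth=10;!*"));
            return in.readObject();
        }
    }
    // Check every non-static String field of the decoded object against each rule.
    static List<String> scan(Object obj) throws IllegalAccessException {
        List<String> findings = new ArrayList<>();
        for (Field f : obj.getClass().getDeclaredFields()) {
            if (f.getType() != String.class || Modifier.isStatic(f.getModifiers())) continue;
            f.setAccessible(true);
            String value = (String) f.get(obj);
            if (value == null) continue;
            RULES.forEach((rule, p) -> {
                if (p.matcher(value).find()) findings.add(rule + " in field '" + f.getName() + "': " + value);
            });
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: serialize an object locally to play the role of a captured request body.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new CustomerQuery("x' OR 1=1 --", "<script>alert(1)</script>"));
        }
        scan(decode(buf.toByteArray())).forEach(System.out::println);
    }
}
```

The findings list is what step 4 would turn into a UI entry or an email/SNMP alert; the filter string would list the real application classes in place of the stand-in.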