本文共 547 字,大约阅读时间需要 1 分钟。
During the past week I spent some time documenting O2's support for Spring MVC apps. There is still quite a lot to do before we can do a proper security analysis of the JPetStore and PetClinic applications (for example 'mapping the JSPs to the controllers'), but hopefully these blog posts show the kind of analysis that is possible using O2:
JPetStore and PetClinic are demo apps which can be downloaded from here (includes tomcat), or from the main (look in the samples folder)
For more details on the Spring MVC Autobinding Vulnerabilities see:
转载地址:http://ephmb.baihongyu.com/