websecurity@lists.webappsec.org

The Web Security Mailing List

JNLP Application Security Assessment

Zacharias
Sun, Sep 25, 2011 10:30 AM

Hello all,

I was asked to assess a JNLP application a while back. Searching the
web provided little to no information as to how one should, at least,
start such an engagement, so, while I was at it, I set off to create one
myself.

As a "you've been warned" sign: it is neither groundbreaking research
nor rocket science, and was not meant as such. I gathered some
available information as to the exact nature and semantics of a JNLP
application, documented the process and tools I used, and provided a
few attack scenarios in a sample application developed for this intent,
in a few blog posts that may serve as a starting point to someone at a
similar point in the future.

The starting post is at
http://zqyves.wordpress.com/2011/09/24/jnlp-application-security-assessment-setting-the-scene/

The rough structure of the posts is the following:
• JNLP Application Security Assessment – Part 1: Analysis of a typical JNLP file
• JNLP Application Security Assessment – Part 2: Runtime Mapping of a JNLP Application
• JNLP Application Security Assessment – Part 3: Application decomposition / Static analysis
• JNLP Application Security Assessment – Part 4: Dynamic analysis

Best regards,
./Zacharias

--

Κρέων
ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οἰδίπους Τύραννος [110]

Creon
In this our land, so said he, those who seek
Shall find; unsought, we lose it utterly.
Oedipus Rex [110]
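The first of the four parts listed above covers reading a typical JNLP file. As an added illustration (this is not code from the blog posts or from the poster), the script below parses a constructed sample descriptor and pulls out what an assessor wants first: the resolved jar URLs, the requested permission level, the entry point and its arguments, and a list of follow-ups such as a cleartext codebase, an all-permissions request, jars pulled from a host other than the codebase, or JVM arguments that touch security properties. The hostnames, jar names and class names in the sample are invented for the example.

```python
"""Triage of a JNLP descriptor: what to read before touching the application."""
from urllib.parse import urljoin, urlsplit
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not taken from any real deployment).
SAMPLE_JNLP = """<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0+" codebase="http://app.example.test/launch/" href="client.jnlp">
  <information><title>Example Client</title><vendor>Example Corp</vendor></information>
  <security><all-permissions/></security>
  <resources>
    <j2se version="1.6+" java-vm-args="-Djava.security.policy=http://cdn.example.test/p.policy"/>
    <jar href="client.jar" main="true"/>
    <jar href="lib/util.jar"/>
    <jar href="https://cdn.example.test/lib/vendor.jar"/>
    <property name="server.url" value="http://api.example.test/"/>
  </resources>
  <application-desc main-class="com.example.client.Main">
    <argument>--env=prod</argument>
  </application-desc>
</jnlp>
"""


def triage_jnlp(xml_text):
    """Return the assessor-relevant facts of a JNLP file plus a list of findings.

    For descriptors from untrusted sources parse with defusedxml instead of
    the stdlib parser; this example keeps to the standard library.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "jnlp":
        raise ValueError("root element is <%s>, not <jnlp>" % root.tag)
    codebase = root.get("codebase", "")

    # No <security> element (or an empty one) means the Web Start sandbox applies.
    security = root.find("security")
    permissions = "sandbox"
    if security is not None:
        for level in ("all-permissions", "j2ee-application-client-permissions"):
            if security.find(level) is not None:
                permissions = level

    jars, main_jar, vm_args, properties = [], None, [], {}
    for res in root.iter("resources"):
        for jar in res.findall("jar"):
            url = urljoin(codebase, jar.get("href", ""))  # relative hrefs resolve against codebase
            jars.append(url)
            if jar.get("main") == "true":
                main_jar = url
        for runtime in res.findall("j2se") + res.findall("java"):
            vm_args.extend((runtime.get("java-vm-args") or "").split())
        for prop in res.findall("property"):
            properties[prop.get("name", "")] = prop.get("value", "")

    # Entry point: a desktop application or an applet launched through Web Start.
    app, applet = root.find("application-desc"), root.find("applet-desc")
    main_class, arguments = None, []
    if app is not None:
        main_class = app.get("main-class")
        arguments = [a.text or "" for a in app.findall("argument")]
    elif applet is not None:
        main_class = applet.get("main-class")
        arguments = ["%s=%s" % (p.get("name"), p.get("value")) for p in applet.findall("param")]

    findings = []
    cb = urlsplit(codebase)
    if cb.scheme == "http":
        findings.append("codebase %s is plain HTTP: descriptor and jars can be altered in transit" % codebase)
    if permissions != "sandbox":
        findings.append("%s requested: code runs outside the sandbox, so the jars must be signed; "
                        "check who signed them and whether that signer deserves trust" % permissions)
    for url in jars:
        u = urlsplit(url)
        if u.hostname != cb.hostname:
            findings.append("jar %s is served from %s, not from the codebase host" % (url, u.hostname))
        elif u.scheme == "http" and cb.scheme != "http":
            findings.append("jar %s is fetched over plain HTTP" % url)
    for arg in vm_args:
        if arg.startswith("-Djava.security."):
            findings.append("java-vm-args sets a security property: %s" % arg)

    return {"codebase": codebase, "jars": jars, "main_jar": main_jar,
            "permissions": permissions, "main_class": main_class,
            "arguments": arguments, "properties": properties,
            "vm_args": vm_args, "findings": findings}


if __name__ == "__main__":
    result = triage_jnlp(SAMPLE_JNLP)
    for key in ("codebase", "permissions", "main_jar", "main_class", "arguments", "properties"):
        print("%-12s %s" % (key, result[key]))
    for finding in result["findings"]:
        print("FINDING:", finding)
```

The script only reads the descriptor; fetching the jars, checking their signatures and running the application are the subject of the later parts. Each jar URL it prints is a download target for the static-analysis step, and each finding is a question to carry into the runtime mapping.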
