websecurity@lists.webappsec.org

The Web Security Mailing List


Gwt security

LF
Lebeau Frederic
Tue, Oct 25, 2011 4:45 AM

Hello, I'm looking for GWT security resources... guidelines, best practices,
code snippets, ... not Ajax security but specific to GWT.

Thanks

YK
Yash Kadakia
Tue, Oct 25, 2011 5:01 AM

Take a look at the GWT Penetration Testing Toolset by Ron Gutierrez and the corresponding presentation from OWASP AppSec DC.

I was able to take Ron's code and adapt it to a two-way proxy (server - proxy 1 - scanner - proxy 2 - browser). This allowed me to leverage regular scanners to test against GWT applications. I don't have the code on me right now but can probably share if required.

Also Lavakumar Kuppan's IronWASP tool has some capabilities for handling GWT applications.

Yash

Sent on my BlackBerry® from Vodafone

-----Original Message-----
From: Lebeau Frederic <frederic.lebeau@websurf.be>
Sender: websecurity-bounces@lists.webappsec.org
Date: Tue, 25 Oct 2011 06:45:11
To: websecurity@webappsec.org
Subject: [WEB SECURITY] Gwt security


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

JP
Jon Passki
Tue, Oct 25, 2011 10:50 AM

Total blog promotion, but this may help Frederic:
https://www.aspectsecurity.com/blog/analyzing-google-web-toolkit-entry-points/

Cheers,

Jon

On Oct 24, 2011, at 23:45, Lebeau Frederic <frederic.lebeau@websurf.be> wrote:

Hello, I'm looking for GWT security resources... guidelines, best practices, code snippets, ... not Ajax security but specific to GWT.

Thanks

R
rgutie01@gmail.com
Tue, Oct 25, 2011 1:26 PM

I did a presentation, as well as some blog posts, on GWT security. Keep in
mind that the tools I wrote were created close to two years ago and are
therefore outdated and most likely don't work on current versions of GWT.
The following links contain my slides and blog posts. I hope they help.

Latest Slides from Shmoocon:
https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset/blob/master/Attacking_GWT_Presentation.pdf?raw=true

Learning GWT-RPC Request Structure:
http://blog.gdssecurity.com/labs/2009/10/8/gwt-rpc-in-a-nutshell.html

Fuzzing GWT-RPC Request:
http://blog.gdssecurity.com/labs/2010/5/6/fuzzing-gwt-rpc-requests.html

Enumerating GWT-RPC:
http://blog.gdssecurity.com/labs/2010/7/20/gwtenum-enumerating-gwt-rpc-method-calls.html

On Tue, Oct 25, 2011 at 12:45 AM, Lebeau Frederic <frederic.lebeau@websurf.be> wrote:

Hello, I'm looking for GWT security resources... guidelines, best
practices, code snippets, ... not Ajax security but specific to GWT.

Thanks


--
Ron Gutierrez

DD
Denny Deaton
Tue, Oct 25, 2011 2:43 PM

In addition to Jon's links, here are a few GWT-related blog posts written by Ron
Gutierrez that may be helpful.

http://blog.gdssecurity.com/labs/tag/gwt

Denny

On Tue, Oct 25, 2011 at 6:50 AM, Jon Passki <jon@passki.us> wrote:

Total blog promotion, but this may help Frederic:

https://www.aspectsecurity.com/blog/analyzing-google-web-toolkit-entry-points/

Cheers,

Jon

On Oct 24, 2011, at 23:45, Lebeau Frederic <frederic.lebeau@websurf.be> wrote:

Hello, I'm looking for GWT security resources... guidelines, best
practices, code snippets, ... not Ajax security but specific to GWT.

Thanks


--
Denny
