Java Endpoint Analyzer now accessible from Onapsis Research Labs
In the spirit of Cybersecurity Awareness Month and its theme "Secure Our World", Onapsis Research Labs has released a new tool called the Java Endpoint Analyzer (JEA). This tool is designed to help teams secure their Java-based SAP systems by identifying potential entry points for attackers.
JEA works by automatically analyzing deployment files such as web.xml, webdynpro.xml, portalapp.xml, and others. Each file is parsed, and the entry points are derived from the information it contains. The output of this analysis is an endpoints.json file containing all the discovered HTTP endpoints of the Java system.
The deployment files are first downloaded locally, and the analysis phase of the JEA process begins once the download is complete. Because these files are used by every type of web application, JEA is a versatile tool for any team working with Java-based systems.
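The following added example (not JEA's own code, and not from Onapsis) shows the general idea for one descriptor type: it parses a web.xml, lists every servlet URL mapping, and records whether a declarative `security-constraint` with an `auth-constraint` covers it. The sample descriptor, the `/demo` context root, and the output field names are assumptions made for illustration; the page does not show the real endpoints.json schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor, not taken from a real application.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet><servlet-name>Config</servlet-name>
    <servlet-class>com.example.ConfigServlet</servlet-class></servlet>
  <servlet><servlet-name>Status</servlet-name>
    <servlet-class>com.example.StatusServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>Config</servlet-name>
    <url-pattern>/admin/config</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Status</servlet-name>
    <url-pattern>/status</url-pattern><url-pattern>/health/*</url-pattern></servlet-mapping>
  <security-constraint><web-resource-collection>
    <web-resource-name>admin</web-resource-name>
    <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>administrators</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _find(elem, name):
    # Match on the local tag name so any Java EE namespace (or none) works.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    hits = _find(elem, name)
    return (hits[0].text or "").strip() if hits else None

def _covers(pattern, path):
    # Servlet-spec style matching: prefix (/x/*), extension (*.x), else exact.
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def extract_endpoints(web_xml, context_root):
    root = ET.fromstring(web_xml)
    classes = {_text(s, "servlet-name"): _text(s, "servlet-class")
               for s in _find(root, "servlet")}
    # Only constraints that carry an auth-constraint require an authenticated role.
    protected = [(p.text or "").strip() for c in _find(root, "security-constraint")
                 if _find(c, "auth-constraint") for p in _find(c, "url-pattern")]
    endpoints = []
    for m in _find(root, "servlet-mapping"):
        name = _text(m, "servlet-name")
        for p in _find(m, "url-pattern"):
            path = (p.text or "").strip()
            endpoints.append({"url": context_root + path, "servlet": classes.get(name),
                              "auth_constraint": any(_covers(c, path) for c in protected)})
    return endpoints
```

An entry with `auth_constraint` set to `False` only means the descriptor declares no authentication for that URL; the application may still enforce it in code, so such entries are candidates for review rather than confirmed exposures.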
Onapsis Research Labs has already identified and reported several threats using JEA, including RECON and P4CHAINS. These threats could potentially exploit vulnerable URLs, making JEA an essential tool for teams looking to secure their systems.
JEA can be thought of as checking all the doors and windows in a house, allowing the user to decide whether to close or monitor them. It is intended for internal use as it requires OS credentials. To learn more about JEA and download it, visit GitHub.
JEA was developed by nemensis AG, although a specific release date is not available. JEA works with Servlets, SOAP applications, Portal applications, and Webdynpros, making it a comprehensive tool for any Java-based system.
By using JEA, teams can examine their most critical applications within their landscape, contributing to a safer world. With the increasing number of cyber threats, tools like JEA are essential for maintaining the security of our digital world.