Websphere MQ Security Uncovered presented at SEC-T 2008

by Martyn Ruks (Mwr infosecurity),

Tags: Security WebSphere MQ

Summary : Last year the lid began to be lifted on the unglamorous world of Middleware security using Websphere MQ as an illustration. Unsurprisingly people didn't find the subject to be boring when they realised the impact that compromises of the software can have on critical business processes. Last year's presentations created additional interest in the subject and stimulated further research efforts.
This presentation will bring together information already in the public domain and new details about Websphere MQ security and the methods for subverting it.
You can expect to see a variety of attacks being performed including the misuse of both privileges and the MQ protocol. Other areas to be discussed will include the implications of exploit writing for MQ, defining testing methodologies and how to use the dradis framework to achieve this. With any luck the talk will also contain some findings from testing Websphere MQ Version 7 (this will be dependent on how secure the product is).

Martyn Ruks: Consultant manager