{"id":5271,"date":"2015-12-14T14:45:07","date_gmt":"2015-12-14T19:45:07","guid":{"rendered":"http:\/\/appcrawler.com\/wordpress\/?p=5271"},"modified":"2015-12-14T14:45:07","modified_gmt":"2015-12-14T19:45:07","slug":"finding-sensitive-data-in-a-heap-dump","status":"publish","type":"post","link":"http:\/\/appcrawler.com\/wordpress\/2015\/12\/14\/finding-sensitive-data-in-a-heap-dump\/","title":{"rendered":"Finding sensitive data in a heap dump"},"content":{"rendered":"<p>The program below shows that a cardholder PAN held in a Java String is in the clear in a heap dump\u2026<\/p>\n<pre>\r\npublic class memSecurity {\r\n  public static void main (String args[]) throws Exception {\r\n    \/\/ Test value standing in for a cardholder PAN\r\n    String c = \"1234567887654321\";\r\n    \/\/ Keep the JVM alive for three minutes so a heap dump can be taken\r\n    Thread.sleep(180000);\r\n  }\r\n}\r\n<\/pre>\n<p>Compile and run the program above and, while it is still running, trigger a heap dump with jmap. Then start jhat against the newly created heap dump, and you have your card number\u2026<\/p>\n<p><img alt='' class='alignnone size-full wp-image-5272 ' src='http:\/\/appcrawler.com\/wordpress\/wp-content\/uploads\/2015\/12\/img_566f19f703f74.png' \/><\/p>\n<p>\u2026and\u2026<\/p>\n<p><img alt='' class='alignnone size-full wp-image-5273 ' src='http:\/\/appcrawler.com\/wordpress\/wp-content\/uploads\/2015\/12\/img_566f1a0ab0765.png' \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is below proves the card holder PAN is in the clear in the dump\u2026 public class memSecurity { public static void main (String args[]) throws Exception { String c = &#8220;1234567887654321&#8221;; Thread.sleep(180000); } } Compile and run what is&hellip;<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"http:\/\/appcrawler.com\/wordpress\/2015\/12\/14\/finding-sensitive-data-in-a-heap-dump\/\">Read more 
&rarr;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[24,25,66],"tags":[],"_links":{"self":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/5271"}],"collection":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/comments?post=5271"}],"version-history":[{"count":1,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/5271\/revisions"}],"predecessor-version":[{"id":5274,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/posts\/5271\/revisions\/5274"}],"wp:attachment":[{"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/media?parent=5271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/categories?post=5271"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/appcrawler.com\/wordpress\/wp-json\/wp\/v2\/tags?post=5271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}