We finally came around to translate and release the 27+ pages of our JBoss paper (see also this post). That was quite some work, the first versions of my translations always read like a one-to-one translation from German. Then I read it again and correct those horribly sounding sentences to what I hope is reasonably passable English. Thanks go also to Lutz for proof-reading and riddling the LaTeX sources of the PDF with FIXMEs ;).
The paper should have been released a lot earlier, but as usual, other work took over. But better late than never.
The paper can be found in our “Publications” section as usual. To our knowledge, this is currently the only paper dealing with the JBoss AS and its Invokers from an attacker’s perspective.