tools for analyzing java code

From: Mads Rasmussen (mads_at_opencs.com.br)
Date: 05/05/05

  • Next message: Andrea Parrella: "Missing string length check in Horde"
    Date: Thu, 05 May 2005 10:17:46 -0300
    To: vuln-dev@securityfocus.com
    
    

    Does anyone know any tools to analyze security problems with Java code?

    I have come across some, like

    Lint4j
    http://www.jutils.com/index.html

    CodePro Analytix
    http://www.instantiations.com/codepro/download.asp

    Jtest
    http://www.parasoft.com/jsp/products/home.jsp?product=Jtest&itemId=14

    Parasoft's Jtest mainly does coding style analysis but appears to
    have some security checks (50+).

    I would like to hear from anyone who has experience with these tools or
    anyone who might know better ways to analyze Java code from a security
    perspective.

    Regards,

    Mads Rasmussen
    Security Consultant
    Open Communications Security

