tools for analyzing java code

From: Mads Rasmussen (mads_at_opencs.com.br)
Date: 05/05/05

Next message: Andrea Parrella: "Missing string length check in Horde"

Next in thread: Kyle Maxwell: "Re: tools for analyzing java code"
Reply: Kyle Maxwell: "Re: tools for analyzing java code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 05 May 2005 10:17:46 -0300
To: vuln-dev@securityfocus.com

Anyone knows any tools to analyze security problems with java code?

I have come across some, like

Lint4j
http://www.jutils.com/index.html

CodePro Analytix
http://www.instantiations.com/codepro/download.asp

Jtest
http://www.parasoft.com/jsp/products/home.jsp?product=Jtest&itemId=14

Parasoft's Jtest that mainly does coding style analysis but appears to
have some security checks (50+).

I would like to hear from anyone who has experience with these tools or
anyone who might know better ways to analyze java code from a security
perspective.

Regards,

Mads Rasmussen
Security Consultant
Open Communications Security

Next message: Andrea Parrella: "Missing string length check in Horde"

Next in thread: Kyle Maxwell: "Re: tools for analyzing java code"
Reply: Kyle Maxwell: "Re: tools for analyzing java code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: tools for analyzing java code
... security expert. ... Knows Your Libraries -- I don't see how a tool can say anything about ... designed to facilitate human review by a security expert (and not focus on ... tools for analyzing java code ...
(SecProg)
tools for analyzing java code
... Anyone knows any tools to analyze security problems with java code? ... Lint4j (open source) ... Parasoft's Jtest that mainly does coding style analysis but appears to ...
(SecProg)