tools for analyzing java code

From: Mads Rasmussen (mads_at_opencs.com.br)
Date: 05/05/05

    Date: Thu, 05 May 2005 10:17:46 -0300
    To: vuln-dev@securityfocus.com
    
    

    Does anyone know of any tools to analyze security problems with Java code?

    I have come across some, like

    Lint4j
    http://www.jutils.com/index.html

    CodePro Analytix
    http://www.instantiations.com/codepro/download.asp

    Jtest
    http://www.parasoft.com/jsp/products/home.jsp?product=Jtest&itemId=14

    Parasoft's Jtest mainly does coding style analysis but appears to
    have some security checks (50+).

    I would like to hear from anyone who has experience with these tools or
    anyone who might know better ways to analyze Java code from a security
    perspective.

    Regards,

    Mads Rasmussen
    Security Consultant
    Open Communications Security

