This paper gives an introduction to security code review inspections, and provides details about identifying web application security vulnerabilities in source code. This paper gives the details of the inspections to perform on Java/J2EE source code. This paper explains the process of identifying vulnerable code and the remediation details. This paper illustrates the specific locations in code flows to be checked to identify web application vulnerabilities.
Read the article (in PDF format). In this article Maraju has gathered a list of code review tools for Java/J2EE which can be used for security:
1- ESC/Java
2- Hammurapi
3- Jlint
4- Java PathFinder
5- JavaPureCheck
6- Checkstyle
7- PMD
8- FindBugs
I have used GNU/FindBugs and found it useful in Java code/bytecode analysis. See the FindBugs blog on Blogspot.
1 Comments:
Genial dispatch and this fill someone in on helped me a lot in my college assignment. Thank you for your information.