A secure coding standard for Java does not exist. Even if a standard did exist, it is not known how well static analysis tools could enforce it. In this work, we show how well eight static analysis tools can identify violations of a comprehensive collection of coding heuristics for increasing the quality and security of Java SE code. A new taxonomy for correlating coding heuristics with the design principles they help to achieve is also described. The taxonomy aims to make understanding, applying, and remembering both principles and heuristics easier. A significant number of secure coding violations, some of which make attacks possible, were not identified by any tool. Even if all eight tools were combined into a single tool, more than half of the violations included in the study would not be identified.