Cigital releases a set of rules to boost Java security
Stories Columns Opinions Resources
Sun extends Groovy, PHP support to NetBeans
Version 6.5 of the IDE will see complete support for those two languages along with comple...
|
Sun reorganizes its software production infrastructure
Facing economic hardships, lost revenue and loss of employees, Sun has split its software ...
|
Adobe steers Flash toward RIA implementation
At this year's Adobe MAX Conference, the focus was on Flash, this time making Flash more o...
|
BigLever builds a bridge to SCM with Gears
The Gears Universal Configuration Management Bridge allows CM systems to integrate with Ge...
|
SOA Watch: New economic realities
In the current economic downturn, agile programming and SOA are attractive options that bu...
|
Integration Watch: A new twist on threads
The key to raising the efficiency of multiprocessors is to shrink the overall workload by ...
|
Integration Watch: The Return of NetRexx?
Java scripting languages are seeing a surge in popularity, with NetRexx looking particular...
|
Windows & .NET Watch: Transaction crowd gets a boost
With multicore chips becoming the standard for processors, the need for a flexible, usable...
|
From the Editors: Election should shake up JCP
Rod Johnson has the right ideas for opening up the Java Community Process, and he may be a...
|
Letters to the Editor: Sun gives REST, SOAP choice
A reader takes issue with a headline on our story about Sun working with REST along with S...
|
Guest View: Be smart and lazy
The optimal solution for problems is the simplest one, so always aim to streamline your ap...
|
Zeichick's Take: From EXEC to EXEC 2 to REXX to NetRexx
Andrew Binstock's column last week, "The Return of NetRexx," brought back some fond memori...
|
Practical tips for saving money on code maintenance
If software design is expensive, well, code maintenance is even more so. When you look...
|
Transform your app-dev quality by involving the whole community in testing
As the saying goes, the more eyes you have on software, the shallower the bugs. That’...
|
Build your dev and test labs for less – a lot less – with virtualization
You don’t have the budget to equip developers and software test teams with all the har...
|
Software Common Hacks and Counterattacks: A Guide to Protecting Software Products against the Top 7 Piracy Threats
Software piracy continues to be a growing epidemic. This white paper examines prevalen...
|
By Jeff Feinman
September 17, 2008 —
Application security company Cigital has created a set of Java static analysis rules for Fortify Software’s Source Code Analyzer.
The Java Security Rulepack 1.0, released today, adds 64 vulnerability categories to Fortify’s vulnerability category base, which has more than 315 categories for 17 programming languages, Cigital executives said. The rules in the product are open source, and users can modify the implementation of the rules as they please. This can reduce the number of false positives in an organizational scan, the company said.
Some of the security checks in the Java Security Rulepack include J2EE and Struts misconfiguration checks, cryptographic usage checks, credential protection, and code quality. It works with Fortify's Source Code Analyzer version 4.5 or later.
Among the 64 rules in the Java Security Rulepack are the removal of empty try-catch blocks that handle code; the insurance that cryptographic keys are 128 bits long to maintain the integrity and confidentiality of data; and the avoidance of hard-coding user names and passwords in Castor configuration files.
“We're excited to see outside experts, such as Cigital, writing custom rules to further enhance the level of analysis of Fortify's products,” says Brian Chess, co-founder and chief scientist at Fortify. “This trend started with the Computer Emergency Response Team earlier in 2008, and now takes a great stride forward with the addition of the Cigital Java Security Rulepack.”
Related Search Term(s): Java, open source, security, Cigital, Fortify
Share this link: http://www.sdtimes.com/link/32869