An early detection tool in Eclipse to support secure coding practices. (2018)
- Record Type:
- Journal Article
- Title:
- An early detection tool in Eclipse to support secure coding practices. (2018)
- Main Title:
- An early detection tool in Eclipse to support secure coding practices
- Authors:
- White, Benjamin
Dai, Jun
Zhang, Cui
- Abstract:
- Developing secure software in a world where companies like Anthem Blue Cross, Twitter, Facebook, and Target have had massive amounts of data stolen by hackers is as challenging as it is important. Insecure coding practices are major contributors to software security vulnerabilities. Even though several static analysis tools are available that can search for and identify security holes in software applications, this process usually runs too late and any remediation will be more costly after large portions of the software have been built. The early detection tools that do exist are closed source and utilise proprietary software vulnerability rule sets. What is missing is an open-source secure coding enforcement tool utilising well-documented rules that software developers can use to predict potential pitfalls, learn from their mistakes and aid in the construction of secure programs as they build them. To address the need, we have designed a new tool called Secure Coding Assistant for the Eclipse development environment that semi-automates several secure coding rules set forth by the CERT division at Carnegie Mellon University. The tool detects violations of the CERT rules for the Java programming language, but it is easily extensible to other languages supported by Eclipse. It is an open-source tool with an emphasis on educating software developers in secure coding practices. The tool and a tool demo are disseminated via GitHub at http://benw408701.github.io/SecureCodingAssistant/.
- Is Part Of:
- International journal of information privacy, security and integrity. Volume 3:Number 4(2018)
- Journal:
- International journal of information privacy, security and integrity
- Issue:
- Volume 3:Number 4(2018)
- Issue Display:
- Volume 3, Issue 4 (2018)
- Year:
- 2018
- Volume:
- 3
- Issue:
- 4
- Issue Sort Value:
- 2018-0003-0004-0000
- Page Start:
- 284
- Page End:
- 309
- Publication Date:
- 2018
- Subjects:
- secure coding -- development tool -- Java -- Eclipse -- static analysis -- education
Computer security -- Periodicals
Computer networks -- Access control -- Periodicals
Information technology -- Security measures -- Periodicals
Data protection -- Periodicals
Privacy, Right of -- Periodicals
005.805
- Journal URLs:
- http://www.inderscience.com/
http://www.inderscience.com/browse/index.php?journalCODE=ijipsi
- Languages:
- English
- ISSNs:
- 1741-8496
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 9279.xml