Date of Award
2005
Document Type
Honors Thesis (Open Access)
Department
Colby College. Computer Science Dept.
Advisor(s)
Dale J. Skrien
Abstract
Secure software is the responsibility of every developer. To help a developer with this responsibility, there are many automated source code security auditors. These tools perform a variety of functions, from finding calls to insecure functions to detecting poorly generated random numbers. These programs have existed for years and perform the security audit with varying degrees of success.
Largely missing in the world of programming is such a security auditor for the Java programming language. Currently, Fortify Software produces the only Java source code security auditor; this is a commercially available package.
This void is what inspired JeSS, the Java Security Scanner for Eclipse. JeSS is an open source, extensible program that statically analyzes source code for possible security bugs. To tightly couple JeSS with the software development process, JeSS was developed as a plug-in for the Eclipse Integrated Development Environment.
Eclipse is an open source Integrated Development Environment (IDE) developed by IBM. Eclipse is widely used by developers in both educational and commercial settings. The Eclipse IDE was picked for JeSS because of this widespread use, its publicly available source code, and easy extensibility.
JeSS plugs into the Eclipse user interface, using the standard widgets found in the development environment. The integration with the IDE and the use of standard conventions within the environment make JeSS a tool that is easy to use throughout the development process.
Keywords
Security, Java, Source code security auditor, Eclipse Integrated Development Environment
Recommended Citation
Spitler, Russell, "JeSS – a Java Security Scanner for Eclipse" (2005). Honors Theses. Paper 567. https://digitalcommons.colby.edu/honorstheses/567
Copyright
Colby College theses are protected by copyright. They may be viewed or downloaded from this site for the purposes of research and scholarship. Reproduction or distribution for commercial purposes is prohibited without written permission of the author.
Included in
Databases and Information Systems Commons, Other Computer Engineering Commons, Programming Languages and Compilers Commons, Systems Architecture Commons
Comments
Thesis Document (PDF) Contents:
Chapter 1 Introduction
Chapter 2 Secure Coding and Java Security
Chapter 3 Java Security Holes
Chapter 4 Tools and Methodologies behind JeSS
Chapter 5 JeSS Details
Chapter 6 Results of the JeSS Project
Chapter 7 References
Appendix A JeSS Users Manual
Appendix B JeSS README
Appendix C JeSS JavaDoc
JeSS Plugin Package (.zip) Contents:
edu.colby.cs.JeSS (folder)
edu.colby.cs.JeSS.help
JavaDoc (folder)