Author

Russell Spitler, Colby College

Date of Award

2005

Document Type

Honors Thesis (Open Access)

Department

Colby College. Computer Science Dept.

Advisor(s)

Dale J. Skrien

Abstract

Secure software is the responsibility of every developer. Many automated source code security auditors exist to help developers with this responsibility. These tools perform a variety of functions, from finding calls to insecure functions to detecting poorly generated random numbers. These programs have existed for years and perform the security audit with varying degrees of success.

Largely missing in the world of programming is such a security auditor for the Java programming language. Currently, Fortify Software produces the only Java source code security auditor; this is a commercially available package.

This void is what inspired JeSS, the Java Security Scanner for Eclipse. JeSS is an open source, extensible program that statically analyzes source code for possible security bugs. To tightly couple JeSS with the software development process, JeSS was developed as a plug-in for the Eclipse Integrated Development Environment.

Eclipse is an open source Integrated Development Environment (IDE) developed by IBM. Eclipse is widely used by developers in both educational and commercial settings. The Eclipse IDE was picked for JeSS because of this widespread use, its publicly available source code, and its easy extensibility.

JeSS plugs into the Eclipse user interface, using the standard widgets found in the development environment. The integration with the IDE and the use of standard conventions within the environment make JeSS a tool that is easy to use throughout the development process.

Comments

Thesis Document (PDF) Contents:
Chapter 1 Introduction
Chapter 2 Secure Coding and Java Security
Chapter 3 Java Security Holes
Chapter 4 Tools and Methodologies behind JeSS
Chapter 5 JeSS Details
Chapter 6 Results of the JeSS Project
Chapter 7 References
Appendix A JeSS Users Manual
Appendix B JeSS README
Appendix C JeSS JavaDoc

JeSS Plugin Package (.zip) Contents:
edu.colby.cs.JeSS (folder)
edu.colby.cs.JeSS.help
JavaDoc (folder)

Keywords

Security, Java, Source code security auditor, Eclipse Integrated Development Environment


JeSS_SpitlerR_2005.zip (1858 kB)
JeSS Plugin
