Development of a static analysis tool to find security vulnerabilities in Java applications
by
 
Topuz, Bertan.

Title
Development of a static analysis tool to find security vulnerabilities in Java applications

Author
Topuz, Bertan.

Author Added Entry
Topuz, Bertan.

Publication Information
[s.l.]: [s.n.], 2010.

Physical Description
ix, 77 leaves. : ill. + 1 computer laser optical disc.

Abstract
The scope of this thesis is to enhance a static analysis tool in order to find security limitations in Java applications. This will contribute to the removal of some of the existing limitations related to the lack of Java source code. The generally used tools for static analysis are FindBugs, Jlint, PMD, ESC/Java2 and Checkstyle. This study aims to utilize the PMD static analysis tool, which has already been developed to find the following defects: possible bugs (empty try/catch/finally/switch statements), dead code (unused local variables, parameters and private methods), suboptimal code (wasteful String/StringBuffer usage), overcomplicated expressions (unnecessary if statements, for loops that could be while loops), and duplicate code (copied/pasted code means copied/pasted bugs). On the other hand, the faults "possible unexpected exception", "length may be less than zero", "division by zero", "stream not closed on all paths" and "should be a static inner class" were not implemented by the PMD static analysis tool. PMD performs syntactic checks and dataflow analysis on program source code. In addition to some detection of clearly erroneous code, many of the "bugs" PMD looks for are stylistic conventions whose violation might be suspicious under some circumstances. For example, having a try statement with an empty catch block might indicate that the caught error is incorrectly discarded. Because PMD includes many detectors for bugs that depend on programming style, PMD includes support for selecting which detectors or groups of detectors should be run. While PMD's main structure was conserved, boundary overflow vulnerability rules have been implemented in PMD.

Subject Heading
Java (Computer program language)
 
Computer security.

Author Added Entry
Tuğlular, Tuğkan.

Corporate Name Added Entry
İzmir Institute of Technology. Computer Engineering.

Uniform Title
Thesis (Master)--İzmir Institute of Technology: Computer Engineering.
 
İzmir Institute of Technology: Computer Engineering--Thesis (Master).

Electronic Access
Access to Electronic Version.


Library | Material Type | Item Number | Call Number | Status/Due Date
IYTE Library | Thesis | T000185 | QA76.73.J38 T67 2010 | Thesis Collection