Abstract
This paper presents the study and enhancement of LAPSE, a static-analysis security tool for detecting security vulnerabilities in Java EE applications. LAPSE was developed by the SUIF Compiler Group at Stanford University as a plugin for the Eclipse Java IDE. The latest stable release of the plugin, LAPSE 2.5.6, dates from 2006 and is obsolete both in the number of vulnerability categories it detects and in its integration with current versions of Eclipse. This paper introduces LAPSE+, an enhanced version of LAPSE 2.5.6. The new version extends the functionality of its predecessor: it is updated to work with Eclipse Helios, provides a wider catalog of vulnerabilities and improves the code analysis. In addition, the paper introduces a command-line version of LAPSE+ that makes the tool independent of the Eclipse Java IDE; this version generates XML reports of the potential vulnerabilities detected in the analyzed application.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pérez, P.M., Filipiak, J., Sierra, J.M. (2011). LAPSE+ Static Analysis Security Software: Vulnerabilities Detection in Java EE Applications. In: Park, J.J., Yang, L.T., Lee, C. (eds) Future Information Technology. Communications in Computer and Information Science, vol 184. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22333-4_17
DOI: https://doi.org/10.1007/978-3-642-22333-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22332-7
Online ISBN: 978-3-642-22333-4