LAPSE+ Static Analysis Security Software: Vulnerabilities Detection in Java EE Applications

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 184)

Abstract

This paper presents the study and enhancement of LAPSE, a security tool based on static analysis of source code for detecting security vulnerabilities in Java EE applications. LAPSE was developed by the SUIF Compiler Group of Stanford University as a plugin for the Eclipse Java IDE. The latest stable release of the plugin, LAPSE 2.5.6, dates from 2006 and is obsolete both in the number of vulnerability types it detects and in its integration with newer versions of Eclipse. This paper introduces LAPSE+, an enhanced version of LAPSE 2.5.6. The new version extends the functionality of its predecessor: it is updated to work with Eclipse Helios, provides a wider catalog of vulnerabilities, and improves the code analysis. In addition, the paper introduces a command-line version of LAPSE+ that makes the tool independent of the Eclipse Java IDE. This command-line version generates XML reports of the potential vulnerabilities detected in the application.



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pérez, P.M., Filipiak, J., Sierra, J.M. (2011). LAPSE+ Static Analysis Security Software: Vulnerabilities Detection in Java EE Applications. In: Park, J.J., Yang, L.T., Lee, C. (eds) Future Information Technology. Communications in Computer and Information Science, vol 184. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22333-4_17

  • DOI: https://doi.org/10.1007/978-3-642-22333-4_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22332-7

  • Online ISBN: 978-3-642-22333-4

  • eBook Packages: Computer Science (R0)