Please use this identifier to cite or link to this item: https://hdl.handle.net/11147/3039
Title: Development of a static analysis tool to find security vulnerabilities in Java applications
Authors: Tuğlular, Tuğkan
Topuz, Bertan
Issue Date: 2010
Publisher: Izmir Institute of Technology
Abstract: The scope of this thesis is to enhance a static analysis tool in order to find security limitations in Java applications. This will contribute to the removal of some of the existing limitations related to the lack of Java source codes. The generally used tools for static analysis are FindBugs, Jlint, PMD, ESC/Java2 and Checkstyle. This study aims to utilize the PMD static analysis tool, which has already been developed to find the following defects: possible bugs (empty try/catch/finally/switch statements), dead code (unused local variables, parameters and private methods), suboptimal code (wasteful String/StringBuffer usage), overcomplicated expressions (unnecessary if statements, for loops that could be while loops) and duplicate code (copied/pasted code means copied/pasted bugs). On the other hand, the faults "possible unexpected exception", "length may be less than zero", "division by zero", "stream not closed on all paths" and "should be a static inner class" were not implemented by the PMD static analysis tool. PMD performs syntactic checks and dataflow analysis on program source code. In addition to some detection of clearly erroneous code, many of the "bugs" PMD looks for are stylistic conventions whose violation might be suspicious under some circumstances. For example, having a try statement with an empty catch block might indicate that the caught error is incorrectly discarded. Because PMD includes many detectors for bugs that depend on programming style, PMD includes support for selecting which detectors or groups of detectors should be run. While PMD's main structure was conserved, boundary overflow vulnerability rules have been implemented in PMD.
Description: Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2010
Includes bibliographical references (leaves: 57-60)
Text in English; Abstract: Turkish and English
ix, 77 leaves
URI: http://hdl.handle.net/11147/3039
Appears in Collections: Master Degree / Yüksek Lisans Tezleri

Files in This Item:
File: T000185.pdf; Description: MasterThesis; Size: 1.02 MB; Format: Adobe PDF


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.