| In recent years, as the perfection of the Internet infrastructure and the rapid de-velopment ef network communication technology, Java language has retained its po-sition at the top of the charts of TIOBE world programming languages for several years。 and has broad prospects and significant advantages.But the security threats of the Java applications are increasing, such as SQL injection attacks, program infor-mation exposure, AJAX vulnerabilities, business logic vulnerabilities, Cross Site Scripting attacks. As there is great business between people’s information, properties and the applications. Once going wrong, it may cause serious consequences. We would detect the vulnerabilities before the release of the software rather than supply a gap. For modern Internet development is rapid, large-scale software increased, static detecting Java codes can be regarded as a good method.In this paper we studied a lot of some existing code defection modes and static detection This topic for some existing code vulnerabilities mode, we also developed a Java code vulnerabilities detection tool based on LAPSE+. This tool is based on a context sensitive pointer analysis algorithm. By studying a large number of codes with vulnerabilities, we expanded the Java code vulnerabilities detection tool in de-tection types and transfered the plugin into a RCP desktop application in Chinese. This tool has a low false positive, and it can detect many kinds Java code vulnerabili-ties and assist the developers in the project safety and efficient development. |
PDF Full Text Request