[Java-project] Fwd: LAPSE: code auditing tool for Java

Stephen de Vries stephen at corsaire.com
Tue Aug 15 05:34:47 EDT 2006


Think most of you probably got this in the original OWASP post.   
Haven't had an indepth look yet, but this could be a very valuable  
code auditing tool.  Built on PQL which does both taint checking and  
pattern matching, so it's potentially more useful than findbugs and  
pmd for finding security issues.


Begin forwarded message:

> From: "Benjamin Livshits" <livshits at cs.stanford.edu>
> Date: 12 August 2006 01:41:46 GMT+07:00
> To: <webappsec at securityfocus.com>, <sc-l at securecoding.org>
> Subject: LAPSE: code auditing tool for Java
>
> We are happy to announce the first public release of LAPSE: a  
> source code
> security scanner for Java. LAPSE is an Eclipse plugin that helps  
> automate
> the code review process for Java J2EE applications.
>
> LAPSE is inspired by existing lightweight security auditing tools  
> such as
> RATS, pscan, and FlawFinder. Unlike those tools, however, LAPSE  
> addresses
> Web applications vulnerabilities such as SQL injection, cross-site
> scripting, path traversal, etc. LAPSE is not intended as a  
> comprehensive
> solution for Web application security, but rather as an aid in the  
> code
> review process.
>
> More information about LAPSE can be found at
>
> 	http://suif.stanford.edu/~livshits/work/lapse/
>
> Enjoy.
>
> -Ben
> http://www.stanford.edu/~livshits/
>
>
> ---------------------------------------------------------------------- 
> ---
> Sponsored by: Watchfire
>
> Watchfire was recently named the worldwide market leader in Web
> application security assessment tools by both Gartner and IDC.
> Download a free trial of AppScan today and see why more customers  
> choose
> AppScan then any other solution. Try it today!
>
> https://www.watchfire.com/securearea/appscancamp.aspx? 
> id=701500000008VnB
> ---------------------------------------------------------------------- 
> ----
>

-- 
Stephen de Vries
Corsaire Ltd
E-mail: stephen at corsaire.com
Tel:	+44 1483 226014
Fax: 	+44 1483 226068
Web: 	http://www.corsaire.com






More information about the Java-project mailing list