I've recently been working on providing better secure programming
defaults. There's a great opportunity for doing so for applications
written on top of frameworks/libraries.
See our paper "Towards Security by Construction for Web 2.0
Applications" at a recent W2SP workshop.
-Ben
On 6/7/07, Stev
We are happy to announce the first public release of LAPSE: a source code
security scanner for Java. LAPSE is an Eclipse plugin that helps automate
the code review process for Java J2EE applications.
LAPSE is inspired by existing lightweight security auditing tools such as
RATS, pscan, and FlawFi