General question on preventing malicious code promotion

Thomas Kennedy
Ranch Hand

Joined: Jan 20, 2008
Posts: 137
Where can I look for guidance on the general question of how to prevent malicious code from being added to an EAR before it is promoted to the server?
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

How is the malicious code being introduced?

Are you looking for a way to scan the code before it is deployed, or a way to prevent malicious people from breaking into your code base and adding their code?
Thomas Kennedy
Ranch Hand

Joined: Jan 20, 2008
Posts: 137
Good question. This request is from our customer and I'm not sure they know what their concern is. I would say, scanning for nasties before the code is promoted is what is on their mind.
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

OWASP has a page about this:
https://www.owasp.org/index.php/Source_Code_Analysis_Tools

Are you using some kind of build and deploy tool like Jenkins?
 