my dog learned polymorphism*
The moose likes Security and the fly likes General question on preventing malicious code promotion Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "General question on preventing malicious code promotion" Watch "General question on preventing malicious code promotion" New topic
Author

General question on preventing malicious code promotion

Thomas Kennedy
Ranch Hand

Joined: Jan 20, 2008
Posts: 137
Where can I look for guidance on the general question of how to prevent malicious code from being added to an EAR before it is promoted to the server?
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

How is the malicious code being introduced?

Are you looking for a way to scan the code before it is deployed, or a way to prevent malicious people from breaking into your code base and adding their code?
Thomas Kennedy
Ranch Hand

Joined: Jan 20, 2008
Posts: 137
Good question. This request is from our customer and I'm not sure they know what their concern is. I would say, scanning for nasties before the code is promoted is what is on their mind.
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

OWASP has a page about this:
https://www.owasp.org/index.php/Source_Code_Analysis_Tools

are you using some kind of build and deploy tool like Jenkins?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: General question on preventing malicious code promotion
 
Similar Threads
JDBC start/stop database needed
Objective 6.1
exact english word
java vulnerabilities
Enable JavaScript