
General question on preventing malicious code promotion

 
Thomas Kennedy
Ranch Hand
Posts: 137
Where can I look for guidance on the general question of how to prevent malicious code from being added to an EAR before it is promoted to the server?
 
Tim McGuire
Ranch Hand
Posts: 820
How is the malicious code being introduced?

Are you looking for a way to scan the code before it is deployed, or a way to prevent malicious people from breaking into your code base and adding their code?
 
Thomas Kennedy
Ranch Hand
Posts: 137
Good question. This request is from our customer and I'm not sure they know what their concern is. I would say, scanning for nasties before the code is promoted is what is on their mind.
 
Tim McGuire
Ranch Hand
Posts: 820
OWASP has a page about this:
https://www.owasp.org/index.php/Source_Code_Analysis_Tools

Are you using some kind of build and deploy tool like Jenkins?
 