Java source code analysis improves software security, quality -

Java source code analysis improves software security, quality

Burlington, Mass.—Aiming to get its technology onto more developer desktops, Klockwork is offering Klocwork Developer for Java(KDJ) , a downloadable Eclipse and Rational IDE plug-in designed for individual developers who need to analyze their Java code for defects and security vulnerabilities such as resource leaks, NULL pointer dereference, SQL injection and un-validated inputs.

KDJ is based on the developer desktop module included with the full Klocwork Enterprise Suite. However, it has been optimized for the individual developer to use with a wider range of projects (i.e. smaller projects/code bases than what the full suite typically has been used).

According to Klocwork, it gives designers a far richer, yet fully integrated static analysis, defect review and correction capabilities than what have been available within the IDEs.

Klocwork Developer for Java offered as a downloadable Eclipse plug-in at

Developers can download a 30-day trial free of charge. The full license for KDJ can be purchased from the site for $299 per year.

Other notable KDJ capabilities include:
Critical Java defects and security vulnerabilities . KDJ automatically looks for hundreds of different defects and security vulnerabilities in Java, including array bounds violations, null pointer dereferences, cross site scripting, SQL injection, process creation injection, and resource leaks.

Comprehensive Java support. KDJ fully supports the Java 1.5 specification for J2EE, J2SE and J2ME, as well as full support for earlier language specs.

Java Security Analysis Aligned with OWASP. KDJ's vulnerability analysis provides excellent coverage of the vulnerabilities from the OWASP Top 10 list.

Customizable. Klocwork Developer for Java allows you to modify specific defect checkers to focus on the errors you want to find and to reduce the detection of errors you aren't interested in.

IDE Integration. Klocwork Developer for Java uses the Eclipse Plug-in framework to fully integrate with any Eclipse-based IDE and is certified as “Ready For Rational” for use with IBM Rational Application Developer.

A technical paper on 'Improving Software Development Productivity' illustrates how a suite of Klocwork products provides automated defect detection and quality indicator measurements that promise productivity improvements in software development and management of software development projects.

A technical paper entitled 'Secure Software: A Manager's Checklist' provides a process-based 'Manager's Checklist' that enables development teams to create more secure software.

Klocwork, 866-556-2967,

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.