SOFTWARE TESTING OUTFIT Coverity has announced that it has improved its static analysis technology to address security issues in Java applications.
Coverity's static analysis will look at source code and the web application architecture it uses to point out potential security vulnerabilities. The firm claimed its static analysis tools can now highlight potential cross-site scripting attacks and mitigate SQL injection attacks.
According to Coverity, the additions to its static analysis include integrating static source code analysis with its framework analyser, incorporating a white box fuzzer to validate data sanitisation, and providing guidance to developers.
Interestingly, Coverity was eager to point out that its first-generation static analysis tools were not able to deal with the complexity of web applications. The firm claimed its upcoming release has been built specifically for web applications.
Andy Chou, Coverity co-founder and CTO, said, "First-generation static analysis tools are not effective in helping developers because they don't credibly provide them with this information. We are making it easy for developers by taking the guesswork out of finding and fixing security defects."
Coverity said its new static analysis security technology will be available in September as part of its Development Testing Platform. µ