Java Source Code Analysis Available for Developers to Improve Software Security and Quality

Java Source Code Analysis Available for Developers to Improve Software Security and Quality

Klocwork launched Klocwork Developer for Java (KDJ), a downloadable Eclipse and Rational IDE plug-in designed for individual developers to analyze their Java code for defects and security vulnerabilities.

Klocwork's leading is now available as a standalone developer desktop tool.

Available as a downloadable plug-in for Eclipse-based Java IDEs, Klocwork Developer for Java (KDJ) provides enterprise-grade source code analysis directly on an individual developer's desktop. KDJ automatically identifies security vulnerabilities and defects at the earliest possible stage of the development cycle, enabling the developer to focus on high quality, innovative code.

KDJ is the most powerful static code analysis tool available for the individual developer desktop. In particular, KDJ provides the highest degree of accuracy and efficiency when compared with other available Eclipse-based static analysis plug-ins. As part of the beta program, Klocwork received extremely positive feedback from over 50 developers citing its high value, its speed and accuracy, and its ease-of-use.

"Klocwork Developer for Java is a very intuitive and easy-to-use Eclipse plug-in. Within minutes of downloading the Klocwork product, I analyzed my code and found several problems that I considered important to fix. I plan on using Klocwork Developer for Java as part of my regular development routine," commented a software designer from Atreus Systems, Inc.

Other notable capabilities of Klocwork Developer for Java include:

* Critical Java defects and security vulnerabilities -- KDJ automatically looks for hundreds of different defects and security vulnerabilities in Java, including array bounds violations, null pointer dereferences, cross site scripting, SQL injection, process creation injection, and resource leaks.

* Comprehensive Java support -- KDJ fully supports the Java 1.5 specification for J2EE, J2SE and J2ME, as well as full support for earlier language specs.

* Java Security Analysis Aligned with OWASP -- KDJ's vulnerability analysis provides excellent coverage of the vulnerabilities from the OWASP Top 10 list.

* Customizable -- Klocwork Developer for Java allows you to modify specific defect checkers to focus on the errors you want to find and to reduce the detection of errors you aren't interested in.

* IDE Integration --- Klocwork Developer for Java uses the Eclipse Plug-in framework to fully integrate with any Eclipse-based IDE and is certified as "Ready For Rational" for use with IBM Rational Application Developer.

Klocwork Developer for Java is available immediately at (developer.klocwork.com). Developers can download a fully-featured 30-day trial free of charge. The full license for KDJ can be purchased from the site for $299 per year. This subscription includes full access to the Klocwork Developer for Java community site, a resource for individual developers that includes online documentation and tutorials, user forums and online technical support.

For organizations who need a more full-featured source code analysis solution for Java and C and C++, Klocwork offers an Enterprise Development Edition. This edition provides complete build integration tools, architectural analysis and optimization capabilities, metrics and trending tools, and web-based defect management and reporting capabilities – all designed to support large and complex software development teams.

Topics covered in this article