I have been working on a project lately to perform (some) code review as code is written, rather than waiting until it is checked in to cvs/svn/etc. My solution was to create an IDE plug-in that leverages built-in features to highlight insecure method calls and suggest alternate code.
When the IDE starts up, it gets an updated list of insecure methods and hints from a web service. Right now I am in the very early stages, so it isn't real pretty or refined yet. For now, I am calling the project Just-in-Time (JIT) Secure Code.
The video below demonstrates the concept in NetBeans.
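To illustrate the matching step behind such a plug-in, here is an added stand-alone example (not the project's own code): a rule list in a JSON shape that a hint web service might return is compiled into patterns and run over a few lines of constructed Java source, producing the line, column, method and hint an editor would use for its highlight and tooltip. The rule schema, the sample rules and the Java snippet are all assumptions for this example.

```python
import json
import re

# Constructed rule list in a JSON shape a hint web service might return.
# The schema is an assumption for this example; the plug-in's real format
# is not described in the post.
RULES_JSON = r"""[
 {"method": "java.lang.Runtime.exec",
  "pattern": "Runtime\\.getRuntime\\(\\)\\.exec\\(",
  "hint": "Prefer ProcessBuilder with an argument list; never build a shell command from untrusted input."},
 {"method": "java.sql.Statement.executeQuery",
  "pattern": "createStatement\\(\\)\\.executeQuery\\(",
  "hint": "Use PreparedStatement with bound parameters instead of concatenated SQL."},
 {"method": "java.util.Random",
  "pattern": "new\\s+Random\\(",
  "hint": "Use java.security.SecureRandom for tokens, keys and nonces."}
]"""


def load_rules(rules_json):
    """Compile the fetched rule list into (method, regex, hint) tuples."""
    return [(r["method"], re.compile(r["pattern"]), r["hint"])
            for r in json.loads(rules_json)]


def scan_source(source, rules):
    """Return findings (line_no, column, method, hint) for insecure calls.

    Columns are 1-based, as an editor would show them. Text after a '//'
    line comment is skipped so commented-out code is not flagged (crude:
    a '//' inside a string literal is also treated as a comment).
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]
        for method, pattern, hint in rules:
            for m in pattern.finditer(code):
                findings.append((line_no, m.start() + 1, method, hint))
    return findings


# Constructed Java fragment with three insecure calls and one commented out.
SAMPLE_JAVA = """\
String q = "SELECT * FROM users WHERE name = '" + name + "'";
ResultSet rs = conn.createStatement().executeQuery(q);
// Runtime.getRuntime().exec(cmd);   commented out, must not be flagged
Process p = Runtime.getRuntime().exec("ls " + dir);
int token = new Random().nextInt();
"""

if __name__ == "__main__":
    for line_no, col, method, hint in scan_source(SAMPLE_JAVA, load_rules(RULES_JSON)):
        print(f"line {line_no}, col {col}: {method} -- {hint}")
```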
2 comments:
Nick,
This is really cool. I've been wanting something like this for some time. Planning to release it if you get it working?
Thanks
That is the plan... but there's quite a bit of work to do before it's ready for a BETA release. I also need to populate the database with content.
- Nick