I have been working on a project lately to perform (some) code review as code is written, rather than waiting until it is checked in to cvs/svn/etc. My solution was to create an IDE plug-in that leverages built-in features to highlight insecure method calls and suggest alternate code.
When the IDE starts up, it gets an updated list of insecure methods and hints from a web service. Right now I am in the very early stages, so it isn't very pretty or refined yet. For now, I am calling the project Just-in-Time (JIT) Secure Code.
The video below demonstrates the concept in NetBeans.
Nick,
This is really cool. I've been wanting something like this for some time. Planning to release it if you get it working?
Thanks
That is the plan... but there's quite a bit of work to do before it's ready for a BETA release. I also need to populate the database with content.
- Nick