JCute and Application Security

When I was presenting to the Chicago Java Users Group a couple of weeks ago, one of the attendees turned me on to a tool called JCute. JCute is a freely available "concolic unit testing engine": it executes the program on concrete inputs while tracking, symbolically, the branch conditions those inputs exercise, then solves for new inputs that flip one of those branches and runs again. Repeating that loop lets it systematically enumerate and examine the program's feasible execution paths and look for errors along each one. It can also help identify race conditions in concurrent Java code, and it can turn the results of the analysis into JUnit unit tests.

This tool has interesting potential for software and application security because of its in-depth branch analysis. Path-sensitive exploration reaches the input combinations that hand-written unit tests and random inputs rarely hit, which is exactly where fairly subtle bugs typically go unnoticed. What I haven't had a chance to look at yet is how hard it would be to do analysis of server-side Java code like servlets and JSPs, so perhaps I will have some time to look into that more in the next week or so.
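To make the concolic loop described above concrete, and to show how it reaches the kind of deeply nested, data-dependent bug that random inputs essentially never hit, here is an added example. It is not JCute's code and is not from the original post; it is a toy concolic engine in Python. The `target` function, the input names `a` and `b`, the seed input `[0, 0]` and the bounded integer box `[-50, 50]` are all constructed for illustration, and the brute-force `solve` stands in for the SMT or linear constraint solver a real engine would call.

```python
import itertools
import operator

# Branch predicates recorded during the current concrete run:
# a list of (predicate, outcome) where predicate(env) -> bool and
# outcome is the direction the concrete execution actually took.
PATH = []


class SymInt:
    """An integer that is executed concretely but also carries a symbolic
    expression (a function of the named inputs), so every comparison made
    on it can be recorded as a path constraint."""

    def __init__(self, expr, concrete):
        self.expr = expr        # callable: {input name: int} -> int
        self.val = concrete     # concrete value in this run

    @staticmethod
    def _lift(other):
        if isinstance(other, SymInt):
            return other
        return SymInt(lambda env, c=other: c, other)   # literal constant

    def _arith(self, other, op):
        o = SymInt._lift(other)
        return SymInt(lambda env: op(self.expr(env), o.expr(env)), op(self.val, o.val))

    def _branch(self, other, op):
        # Evaluate concretely, but remember the predicate and which way we went.
        o = SymInt._lift(other)
        taken = op(self.val, o.val)
        PATH.append((lambda env: op(self.expr(env), o.expr(env)), taken))
        return taken

    def __add__(self, other): return self._arith(other, operator.add)
    def __sub__(self, other): return self._arith(other, operator.sub)
    def __mul__(self, other): return self._arith(other, operator.mul)
    __radd__ = __add__
    __rmul__ = __mul__
    def __rsub__(self, other): return SymInt._lift(other)._arith(self, operator.sub)

    def __eq__(self, other): return self._branch(other, operator.eq)
    def __ne__(self, other): return self._branch(other, operator.ne)
    def __lt__(self, other): return self._branch(other, operator.lt)
    def __le__(self, other): return self._branch(other, operator.le)
    def __gt__(self, other): return self._branch(other, operator.gt)
    def __ge__(self, other): return self._branch(other, operator.ge)


def run_once(target, names, values):
    """Execute target concretely on values, collecting the path constraints."""
    PATH.clear()
    env = dict(zip(names, values))
    args = [SymInt(lambda e, n=n: e[n], env[n]) for n in names]
    try:
        target(*args)
        error = None
    except Exception as exc:          # a crash is the finding we want to surface
        error = f"{type(exc).__name__}: {exc}"
    return list(PATH), error


def solve(constraints, names, lo=-50, hi=50):
    """Find input values satisfying every (predicate, wanted outcome) pair.
    Simplification (assumption of this example): brute force over a small
    integer box instead of the SMT/linear solver a real engine would use."""
    for vals in itertools.product(range(lo, hi + 1), repeat=len(names)):
        env = dict(zip(names, vals))
        if all(pred(env) == want for pred, want in constraints):
            return list(vals)
    return None


def explore(target, names, seed, max_runs=100):
    """Concolic search: run, then for each branch on the path ask the solver
    for inputs that keep the prefix but flip that branch, and run those too."""
    worklist = [list(seed)]
    seen_paths = set()
    findings = []
    runs = 0
    while worklist and runs < max_runs:
        values = worklist.pop(0)
        path, error = run_once(target, names, values)
        runs += 1
        signature = tuple(taken for _, taken in path)   # branch outcomes identify the path
        if signature in seen_paths:
            continue
        seen_paths.add(signature)
        if error:
            findings.append((values, error))
        for i in range(len(path)):
            flipped = path[:i] + [(path[i][0], not path[i][1])]
            new_values = solve(flipped, names)
            if new_values is not None:
                worklist.append(new_values)
    return {"runs": runs, "paths": len(seen_paths), "findings": findings}


# Constructed target: the fault sits three data-dependent branches deep,
# where random integer inputs would essentially never reach it.
def target(a, b):
    if a > 10:
        if b == a * 2:
            if a - b == -20:           # only a == 20, b == 40 gets here
                raise RuntimeError("unhandled state")
            return "deep"
        return "mid"
    return "shallow"


if __name__ == "__main__":
    print(explore(target, ["a", "b"], seed=[0, 0]))
```

Starting from the seed `(0, 0)`, the engine flips `a > 10`, then `b == a * 2`, then `a - b == -20`, and within ten concrete runs covers all four feasible paths and reports the crashing input `(20, 40)`. Each recorded path is also exactly the material a tool like JCute needs to emit a JUnit test case per path. The brute-force solver is the part that does not scale; everything else is the concolic idea in miniature.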

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
