Secure Coding, Made Easy!
The Secure Coding Assistant by California State University Sacramento, commonly referred to as the “Secure Coding Assistant,” is a plugin for the Eclipse Development Environment that alerts developers when they are at risk of violating one of the secure coding rules for the Java programming language. The secure coding rules are defined by the CERT division of the Software Engineering Institute at Carnegie Mellon University. A complete list of the rules may be found here. Full credit for the rules used in the tool is given to CERT. This is an open source application created by Ben White, with plans for it to be maintained by graduate students. Future development work on this project will focus on expanding the rule set used for vulnerability detection and on additional features.
To install the Secure Coding Assistant in Eclipse, go to the Help menu and click on “Install New Software.” The update site is http://bwprojects.org/SecureCodingPlugin (do not click the link; it only works in Eclipse).
If you are planning on downloading the source code, you will want to use Eclipse IDE for Committers with the Plugin Development Environment (PDE) module loaded.
The Version 2 development branch is now available, with work from Chen Li supporting “Design by Contract” and a quick-correction feature for detected rule violations.
Version 3 (coming soon) enables both detection of secure coding rule violations and detection of program logic errors by using a combination of Design by Contract and Programming Logic.
The following additional project documentation is available at this time:
Benjamin White, Jun Dai, Cui Zhang, “Secure Coding Assistant: Enforcing Secure Coding Practices Using the Eclipse Development Environment”. Proceedings of National Cyber Summit (NCS), Huntsville, AL, Jun 8-9, 2016.
Chen Li, Benjamin White, Jun Dai, Cui Zhang, “Enhancing Secure Coding Assistant With Error Correction and Contract Programming”. Proceedings of National Cyber Summit (NCS), Huntsville, AL, Jun 6-8, 2017.
Benjamin White, Jun Dai, Cui Zhang, “An Early Detection Tool in Eclipse to Enforce Secure Coding Practices”. International Journal of Information Privacy, Security and Integrity (IJIPSI), Inderscience, 2018.
Victor Melnik, Jun Dai, Cui Zhang, Benjamin White, “Enforcing Secure Coding Rules for the C Programming Language Using the Eclipse Development Environment”. Proceedings of National Cyber Summit (NCS), Huntsville, AL, Jun 4-6, 2019.
Wenhui Liang, Cui Zhang, Jun Dai, “Enhancing Secure Coding Assistant System with Design by Contract and Programming Logic”. Submitted to National Cyber Summit (NCS) 2021.
Ben White, email@example.com
Chen Li, firstname.lastname@example.org