Statically scanning Java code: Finding security vulnerabilities

John Viega, Gary McGraw, Tom Mutdosch, Edward W. Felten

Research output: Contribution to journal › Article › peer-review

29 Scopus citations


The source code scanning tool Jslint helps programmers automatically utilize existing security knowledge. The tool identifies insecure coding practices by scanning for common problems, to prevent bugs familiar to the security community. Java's approach to security includes memory encapsulation techniques and access control mechanisms built on the stack-inspection technique. Developers can use the tool on parts of the platform, Java applications, or applet code so that software is less likely to contain security-critical bugs.

Original language: English (US)
Pages (from-to): 68-74
Number of pages: 7
Journal: IEEE Software
Issue number: 5
State: Published - Sep 2000

All Science Journal Classification (ASJC) codes

  • Software

