Novinky, s ktorými prišla Java 7 / Features and enhancements of Java 7

Staš, Jakub

January 2013

Nowadays there is wide variety of programming languages and platforms providing com-plex set of tools for software development -- from mobile and desktop applications up to server applications. Java is one of the most popular choices for software project develop-ment since many years. Many changes and improvements of the Java language occurred throughout 23 years of development of the platform. Current version brings many changes description of whom is considered to be beneficial not only for developers but also for the community around Java platform. This thesis covers the changes that were introduced in the release of Java 7. The thesis lists the short review of main historical events that happened since the beginning of the platform and analyses changes in libraries as well as describes syntactical changes. Primary focus is placed on the NIO (New I/O) library, whose current name is Non-Blocking I/O (NIO.2). Even though massive changes had occurred in this library, not many people actually noticed anything. This unfortunate situation is now described as a quiet revolution. Last but not least a description of changes in other libraries and Java Virtual Machine is presented.

Enhancing CryptoGuard's Deployability for Continuous Software Security Scanning

Frantz, Miles Eugene

21 May 2020

The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers requires security at all levels, providing protection through any connected applications. CryptoGuard is a static code analyzer for Java. This program verifies that developers do not leave vulnerabilities in their application. The program aids the developer by identifying cryptographic misuses such as hard-coded keys, weak program hashes, and using insecure protocols. In my Master thesis work, I made several important contributions to improving the deployability, accessibility, and usability of CryptoGuard. I extended CryptoGuard to scan source and compiled code, created live documentation, and supported a dual cloud and local tool-suite. I also created build tool plugins and a program aid for CryptoGuard. In addition, I also analyzed several Java-related surveys encompassing more than 50,000 developers and reported interesting current practices of real-world software developers. / Master of Science / Throughout the rise of software development, there has been an increase in development speed with developers embracing methodologies that use higher rates of changes, such as Agile. Since Agile naturally addresses "problems of rapid change", this also increases the likelihood of insecure and vulnerable coding practices. Though consumers depend on various public applications, there can still be failures throughout the development process in applications such as the Iowa caucus application. It was determined the Iowa cacus application development teams' repository credentials (API key) was left within the application itself. API keys provide the credential to be able to directly interact with server systems, and if left unguarded can be easily exploited. Since the Iowa cacus application was released publicly, malicious actors (other people looking to exploit the application) may have already discovered this credential. Within our team we have created CryptoGuard, a program to analyze applications to detect cryptographic issues such as an API key. Creating it with scalability in mind, it was created to be able to scan enterprise code at a reasonable speed. To ensure its use within companies, we have been working on extending and enhancing the work to the current needs of Java developers. Verifying the current Java landscape, we investigated three different companies and their developer ecosystem surveys that are publicly available. Amongst these companies are; JetBrains, known for their Integrated Development Environments (IDE, or application to help write applications) and their own programming language, Snyk, known for their public security platform and anti-virus capability, and Jakarta EE, which is the new platform for the enterprise version of Java. Throughout these surveys, we accumulate more than 50,000 developers' responses, spanning various countries, company experience, and ages. With their responses amalgamated, we enhance CryptoGuard to be available to as many developers and their requests as possible.First, CryptoGuard is enhanced to scan a projects source code. After that, ensuring our project is hosted by a cloud service, we actively are extending our project to the Security Assurance Marketplace (SWAMP). Funded by the DHS, SWAMP not only supplies a public cloud for developers to use, but a local download option to scan a program within the user's own computer. Next, we create a plugin for two most used build tools, Gradle and Maven. Then to ensure CryptoGuard can be have reactive aide, CryptoSoule is created to aide minimal interface aide. Finally utilizing a live documentation service, an open source documentation website was created to provide working examples to the community.

Cryptoguard

Static-Code Analyzer

Java

Deployment Grade

Gradle

Maven

Java 8

Java 7

Java 11