• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Junilu Lacar
Sheriffs:
  • Rob Spoor
  • Liutauras Vilda
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Piet Souris
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
Bartenders:
  • Himai Minh
  • Carey Brown
  • Frits Walraven

Java Swing Vulnerability Scanner

 
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Would anyone be able to recommend a  Vulnerability Scanner for a Java Swing application I have to test? My heart is broke trying to get one to work. I have tried sonarcloud but I can't get it to work, I have used it before without problems with some Java programs, sonarqube wont work for me, Junit involves writing code which I would prefer not to have to do.  Can anyone help me?
 
Sheriff
Posts: 8012
563
Mac OS X VI Editor BSD Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Question is too difficult for Beginning Java forum, henced moved it to Java in General.

However, question isn't much related to Java either. Let's see what other forums we could find which fit better.
 
Marshal
Posts: 3604
512
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When you say Vulnerability Scanner do you mean a penetration tester like Metasploit, or a static code analysis tool/plugin like SonarQube or FindBugs?
 
Johnny Quinn
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry for posting in the wrong forum,  I posted there because I'm a beginner at Java myself. I was looking for static and dynamic analysis, the application I'm trying to test is not a web app, if it was I might have tried zap or burp suite, I tried Sonarqube but couldn't get it to run and I tried firebug in Netbeans but it is no longer supported. I have just managed to get Sonarlint to run. Do you know of any other not to difficult options for a vulnerability scanner?
 
Saloon Keeper
Posts: 7039
164
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A quick search for SpotBugs (the successor to the obsolete FindBugs) extensions comes up blank wrt. GUI security. https://find-sec-bugs.github.io/ is for web apps, whereas http://fb-contrib.sourceforge.net/ has some GUI checks, but none for security issues specifcially. Still, it's generally worthwhile to hook SpotBugs into your build pipeline and check its report.
 
Johnny Quinn
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for that , I will check them out
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic