Assessing Java Coding Vulnerabilities in Undergraduate Software Engineering Education by Using Open Source Vulnerability Analysis Tools

Abstract

Security and quality are two vital attributes of any software application no matter how infinitesimal it might be. Tackling a software problem by its source is one of the most trusted models used in problem solving approaches. In this paper, we want to ensure that all undergraduate Java learners write codes based on the security and quality guidelines expected in the industry right from the day they start learning “Hello World!” in Java. In the research, sample codes getting from several Java books used in teaching Java concepts for undergraduate courses were used as the case study. These sample codes were tested using an open source tool developed based on security and quality guidelines. The tool determines the vulnerability level in any Java code passed as an input to it then it analyzes the code and generates a report indicating the threat level based on the vulnerabilities in the code. The results of this paper will be published and authors of the selected books for the research will be notified with those vulnerabilities in their source codes along with suggestions for fixing those vulnerabilities.