Lapse for auditing Java Applications V.2.5.6 added to SD ToolsWatch Process

8 March 2007

LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications.

LAPSE targets the following Web application vulnerabilities:

Parameter manipulation
Header manipulation
Cookie poisoning
Command-line parameters
SQL injections
Cross-site scripting
HTTP splitting
Path traversal

LAPSE is inspired by existing lightweight security auditing tools such as RATS, pscan, and FlawFinder. Unlike those tools, however, LAPSE addresses vulnerabilities in Web applications. LAPSE is not intended as a comprehensive solution for Web application security, but rather as an aid in the code review process

Post scriptum

Download

Compliance Mandates

Code Auditing :
PCI/DSS 6.3.6, 6.3.7, 6.6, SOX A12.8, GLBA 16CFR Part 314.4(b) and (2);FISMA RA-5, SC-18, SA-11 SI-2, and ISO 27001/27002 (12.4.1, 12.4.3, 12.5)

Code Auditing	10 May 2010 : WebTest 1.2.1 - Testing Web Application with Python 7 May 2010 : fuu v0.1 Beta - [F]aster [U]niversal [U]npacker 24 April 2010 : Security Ninja security tool announcement 22 April 2010 : OWASP Code Crawler v2.7 released 7 April 2010 : CWE/SANS Top 25 list updated to v1.0.3
Lapse	8 March 2007 : Lapse for auditing Java Applications V.2.5.6 added to SD ToolsWatch Process