We’re about a month away from the BSides London conference where I’ll be giving my first public presentation in their rookie track. Here I’ll be talking about an Eclipse plugin I’ve been developing and testing here in Realex Payments over the last few months – ESP: Security Plugin.
I hope you’ll come along to hear me explain what static analysis is, and how I’ve discarded the standard approach of running these tools every night as part of a continuous integration build and instead integrated the checks into the developer’s IDE, running them as they write code. The immediate feedback provided by ESP not only helps developers correct bugs earlier in the development lifecycle, taking up less of their time and allowing them to focus on new features and product improvements, but also helps reinforce secure coding standards with your developers.
Leaving the talk, you’ll have enough details to painlessly plug ESP: Security Plugin into any current Eclipse installation and get up and running, having your code audited in real time. You’ll be able to grab a copy of the source code if you want to commit any changes or give it a read, but I’ll provide an Eclipse update site for easy rollouts.
Diarmaid McManus, Application Security Analyst