Skip Demo
Not used
Try Klocwork on your code. Static source code analysis for FREE.
Request your free Klocwork Insight demo.
Learn how Klocwork can remove productivity bottlenecks in your development process.

More Information

Relevant Reads

FACT SHEET: Klocwork Solo for Java

Standalone source code analysis tools for the individual Java developer focused on mobile software or web application development [...]

WHITEPAPER: Source Code Analysis in an Agile World

To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers have had to evolve the way they develop code to be both faster and higher quality [...]



Product Features - Web Application Developers


Java Source Code Analysis for Web Application Development

Enterprise-proven source code analysis is now available as a standalone developer desktop tool with Klocwork Solo. For Java developers focused on web application development, Klocwork Solo helps you find and fix critical security vulnerabilities in your code. With Klocwork Solo you can create more secure web applications by automatically finding many of the common vulnerabilities that make web applications an easy target for hackers.

Web developers: Remove security vulnerabilities

Web applications are a constant target for hackers who seek to damage a company's brand, steal their data, and generally disrupt their business activities. That's why it's critical that software developers have accurate, easy-to-use tools to help them identify potentially exploitable weaknesses in their code. Klocwork Solo automatically looks for hundreds of different defects and security vulnerabilities in Java source code, including:

  • Cross Site Scripting (XSS) vulnerabilities
  • Injection flaws (SQL, process, path, etc.)
  • NULL pointer exceptions
  • Resource leaks and resource lifetime management
  • Unvalidated inputs

Most of these weaknesses are related to the propagation of tainted data, where input from a user or another process is used without rigorous validation of its format, its range, or whatever else might make sense for the data type in question.

Fast, accurate analysis

Klocwork Solo provides fast, accurate source code analysis with low false positive results. To provide fast results, Klocwork uses incremental analysis to quickly review only the changed files and files affected by the changes (after the initial analysis has been performed). Additionally, Klocwork Solo's analysis results are persistent, allowing developers to see newly introduced issues and not waste time on issues that have already been investigated.

IDE Integration

Klocwork Solo uses the Eclipse Plug-in framework to fully integrate with the Eclipse Java IDE. Supported versions include 3.2, 3.3 and 3.4. Additionally, Klocwork Solo supports IBM Rational Application Developer, version 7.x.

Customizable Code Analysis

With Klocwork Solo, you can customize the code analysis to suit your needs. Modify specific defect parameters to focus on the errors you want to find and to reduce the detection of errors you aren't interested in. Change sources (defect start points), sinks (defect end points), propagations (defect escape points) and threshold values to meet your specific requirements. Project-level customization allows you to detect different types of issues for each project in your workspace, and by importing/exporting your settings files you can share your customization settings with other Klocwork Solo users.

Free Trial Available

Klocwork offers a fully functional, 30-day free trial of Klocwork Solo for Java. Download your copy today.

Price

Get a one-year subscription of Klocwork Solo for $599US per user.