Slashdot Mirror


User: bvc

bvc's activity in the archive.

Stories: 0
Comments: 1

Comments · 1

  1. Re:What does Fortify do, anyway? on Third Party Code Review? · Score: 1

    It turns out there's a fair number of things you can do to screw up security, even in Java. Think SQL injection and cross-site scripting. Check out http://vulncat.fortifysoftware.com/ for a longish list of code-level defects that can cause security problems.

    Static analysis has a lot more to offer than looking at the names of methods and variables. FindBugs ( http://findbugs.sourceforge.net/ ) is an excellent open-source tool for finding common problems in Java, though its focus is much more on code quality rather than security.

    Full disclosure: I'm one of the founders of Fortify.

    Brian