In the context of Industry 4.0 networking, the topic of security is gaining in importance. Not only must functional aspects be implemented, but also sufficient measures to prevent typical attack vectors. The consistent application and verification of secure coding rules is an inherent component of these measures.
This thesis shall apply the "SEI CERT Oracle Coding Standard for Java" and extend the existing implementations of those rules in the static code analysis tool SonarQube. The task includes the analysis of CERT rules that are not yet implemented in SonarQube and whether these can be tested/implemented at all. For all rules that cannot be implemented, alternative methods must be worked out, such as programming guidelines, security design requirements or manual verification via code review. The goal is a complete test suite based on the CERT rules.
The main tasks are designing and implementing the rules in Java for SonarQube and creating test cases to prove the applicability of those rules. The rule set shall be documented in a user-oriented way.
We look forward to receiving your application by e-mail.
Begin: as of now / Duration: 6 months (scalable) // Work location: Stuttgart
Postfach 10 24 31 · 70020 Stuttgart
T +49 711 21037-00 · F 21037-53