

Tooling Recommendations for Secure Coding

Version: 2.0

---

Security Related Static Code Analysis

Find Security Bugs², FindBugs plugin is the recommended tool for performing static security analysis.

WSO2 Document Reference

Further information on using OWASP Zed Attack Proxy (ZAP) with WSO2 recommended security policies are available in the Engineering Guidelines - Tooling - Static Code Analysis using FindSecurityBugs document.

Security Related Dynamic Analysis

OWASP Zed Attack Proxy(ZAP)¹ is the recommended tool for performing dynamic security analysis.

WSO2 Document Reference

Further information on using OWASP Zed Attack Proxy (ZAP) with WSO2 recommended security policies are available in the Engineering Guidelines - Tooling - Dynamic Analysis with OWASP ZAP document.

Dependency Vulnerability Analysis

OWASP Dependency Check³ is the recommended tool for performing dependency vulnerability analysis.

WSO2 Document Reference

Further information on using OWASP Dependency Check is documented at Engineering Guidelines - External Dependency Analysis using OWASP Dependency Check document.

References

---

1. https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ↩

2. http://find-sec-bugs.github.io/ ↩

3. https://www.owasp.org/index.php/OWASP_Dependency_Check ↩