Securing Development with PMD

Back in April I presented my Securing Development with PMD (Teaching an Old Dog New Tricks) presentation at OWASP AppSec DC. The main idea was to demonstrate how security can be integrated into development without introducing new tools to existing developer toolsets. As an example, I discussed how PMD, a well-known open source static analysis tool that finds code quality issues in Java source code, can be extended with custom rules to find common application security bugs. With minimal change to existing PMD deployments and without having to learn to use another new tool, Java developers can identify and remediate both code quality and security bugs together. You can download my presentation here and the latest version of the GDS Secure Coding Ruleset for PMD can be found on our GitHub web page here. I encourage developers as well as pen-testers to use and improve the ruleset. Enjoy!