IBM adds to Java Security

By Steve Malone

Posted on 23 Jun 2006 at 10:32

IBM has released a number of free tools to help improve the security of Java applications.
Among the tools on offer is automatic data encryption for Java.

The company says that the IBM Secure Shell Library for Java automatically encrypts data transmitted from one computer to another, including passwords and information stored in files, therefore preventing it from being exposed to hackers and other online menaces.

IBM promises that with this technology, organisations can now transfer large amounts of information between servers in a manner secure enough to meet a defined SSH standard.

This industry standard for encryption is a requirement for use in business where security is paramount such as banking, e-commerce and healthcare - areas where privacy and secure data transfers are critical requirements to protect consumer data.

To allow developers to more easily configure and validate Java applications that support the Java and OSGi industry security standards IBM is providing the Security Workbench Development Environment for Java (SWORD4J).

Available as a set of Eclipse IDE plug-ins, the tool probes for violations of security best practices and reports them back to the developer. In addition, IBM says that the tool lets developers and application providers identify authorisation requirements and embed authorisation privileges when building new applications.

Until now, developers have needed to run applications through a variety of test cases to cover all eventualities and ensure total security. Without running the application code, IBM claims that the new tool determines the authorisation requirements without the hours of testing.

This results in more accurate security policies with far less effort. The tool supports code signing and can also be run in a non-IDE mode as part of an application build process.
The software is available through the IBM Alphaworks test site.