Security-Related Code Quality Metrics in Java Source Code



Start date: as soon as possible

Duration: 3 months

More details:


Keeping applications safe in the long-term is extremely difficult - especially if they grow in size and developer count rapidly. It is essential to monitor and improve the code quality of the application steadily to ensure that developers keep in mind security-related best practices and do not get used to bad habits. This will reduce the possibility of critical security issues immensely in the long term.

The goal if this thesis is to describe already established and widely known security-related code quality metrics for Java source code and research new metrics based on cutting-edge Java language features and frameworks. A basic static code analysis tool based on abstract syntax trees should be implemented that supports the most critical metrics researched earlier and that can perform an analysis of the most common open-source Java projects.


  • Advanced Java knowledge
  • Basic understanding of web application security