16 March 2010 | 7,084 views

OWASP CodeCrawler – Static Code Review Tool

Check For Vulnerabilities with Acunetix

CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project.

It provides automatic STRIDE classification a very simple DREAD calculator and few minor utilities. Direct links to WAST 2.0 Threat Classification, Secure Java Development Guidelines and OWASP Tools are also part of the package.

Requirements

  • .NET Framework 3.5 (Service Pack 1)
  • Visual Studio 2008
  • Windows Platform

You can download CodeCrawler here:

CODECRAWLER_2.5_RELEASE.zip

Or read more here.



Recent in Countermeasures:
- StegExpose – Steganalysis Tool For Detecting Steganography In Images
- Twitter Patents Technique To Detect Mobile Malware
- Passera – Generate A Unique Strong Password For Every Website

Related Posts:
- Agnitio v2.1 Released – Manual Security Code Review Tool
- The Top 10 PHP Security Vulnerabilities from OWASP
- OWASP (Open Web Application Security Project) Testing Guide v3 Released

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,154 views
- Password Hasher Firefox Extension - 117,025 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,554 views

Low-cost VPS Hosting

4 Responses to “OWASP CodeCrawler – Static Code Review Tool”

  1. Hannibal 23 March 2010 at 12:09 pm Permalink

    Personally i think this thing sucks :) It does not do a good a job, and Microsoft own tool fxcop is pretty damn awesome…

    But that’s only my opinion. :)

  2. aero 25 March 2010 at 9:02 am Permalink

    yes

  3. dotnetprogrammer 29 March 2010 at 9:45 pm Permalink

    Considering this thing alerts on COMMENTS the noise level is far beyond anything useful. Example if you have a comment with the word “Select” as in “selects items from an array and orders by value” this thing logs it as a critical fault (potential SQL injection).

    Lame.

  4. Darknet 30 March 2010 at 10:24 am Permalink

    That sounds lame, gonna check out fxcop.