16 March 2010 | 7,076 views

OWASP CodeCrawler – Static Code Review Tool


CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics (security-relevant keywords and API calls) within .NET and J2EE/Java source code. It is a Microsoft .NET 3.5 Windows Forms application which supports the OWASP Code Review Project.

It provides automatic STRIDE classification of each finding, a very simple DREAD risk calculator and a few minor utilities. Direct links to the WASC Threat Classification 2.0, the Secure Java Development Guidelines and the OWASP tools are also part of the package.

Requirements

  • .NET Framework 3.5 (Service Pack 1)
  • Visual Studio 2008
  • Windows Platform

You can download CodeCrawler here:

CODECRAWLER_2.5_RELEASE.zip

Or read more here.
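To make the "key topic search plus STRIDE/DREAD" idea concrete, here is a small Python illustration of how such a crawler works, written for this post and not taken from CodeCrawler itself (which is a .NET application). The rule table, the STRIDE labels, the DREAD scores and the C# sample snippet are all assumptions constructed for the example. It also shows the failure mode raised in the comments below: a pure keyword scanner fires on words like "Select" or "delete" inside comments, so the crawler can be run with and without a comment-stripping pass and the difference in findings compared.

```python
"""Toy keyword-driven static review crawler with STRIDE/DREAD tagging.

Added example; not CodeCrawler's own code. Rule patterns, STRIDE categories
and DREAD scores below are illustrative assumptions, not an official rule set.
"""
import re
from dataclasses import dataclass

# Assumed rules: (regex, STRIDE category, description,
#                 DREAD scores: Damage, Reproducibility, Exploitability,
#                 Affected users, Discoverability; each 1-10).
RULES = [
    (re.compile(r"\b(select|insert|update|delete)\b", re.I),
     "Tampering", "SQL keyword: check how the statement is built", (8, 9, 8, 8, 9)),
    (re.compile(r"Response\.Write\s*\("),
     "Tampering", "Output written to the response: check encoding", (6, 8, 7, 6, 8)),
    (re.compile(r"\bRandom\s*\("),
     "Spoofing", "System.Random is not a cryptographic RNG", (5, 10, 6, 5, 7)),
]


@dataclass
class Finding:
    line: int
    stride: str
    description: str
    dread: float
    code: str


def dread_score(d, r, e, a, di):
    """Classic DREAD: arithmetic mean of the five 1-10 ratings."""
    return (d + r + e + a + di) / 5


def strip_comments(source: str) -> str:
    """Blank out // and /* */ comments (C#/Java syntax) but keep line numbers.

    Double-quoted string literals are copied verbatim so that a '//' inside a
    string is not mistaken for a comment. Anything a keyword matches inside a
    string literal is therefore still reported, which is usually what we want.
    """
    out, i, n = [], 0, len(source)
    while i < n:
        ch = source[i]
        nxt = source[i + 1] if i + 1 < n else ""
        if ch == '"':                           # string literal: copy as-is
            j = i + 1
            while j < n and source[j] != '"':
                j += 2 if source[j] == "\\" else 1   # skip escaped characters
            out.append(source[i:j + 1])
            i = j + 1
        elif ch == "/" and nxt == "/":          # line comment: drop to EOL
            j = source.find("\n", i)
            i = n if j == -1 else j
        elif ch == "/" and nxt == "*":          # block comment: keep newlines
            j = source.find("*/", i + 2)
            end = n if j == -1 else j + 2
            out.append("\n" * source.count("\n", i, end))
            i = end
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def crawl(source: str, ignore_comments: bool = True) -> list:
    """Run every rule over every line and tag hits with STRIDE and DREAD."""
    text = strip_comments(source) if ignore_comments else source
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rx, stride, desc, scores in RULES:
            if rx.search(line):
                findings.append(Finding(lineno, stride, desc,
                                        dread_score(*scores), line.strip()))
    return findings


# Constructed C# sample; the first and fifth lines only mention SQL keywords
# inside comments, exactly the noise the commenters complain about.
SAMPLE = """\
// Select items from the array and order by value
var ordered = items.OrderBy(i => i.Value);
string sql = "SELECT * FROM Users WHERE Name = '" + name + "'";
var cmd = new SqlCommand(sql, conn);
/* TODO: delete the old rows
   once the archive job has run */
Response.Write(Request["q"]);
int token = new Random().Next();
"""

if __name__ == "__main__":
    for mode in (False, True):
        print(f"--- ignore_comments={mode}")
        for f in crawl(SAMPLE, ignore_comments=mode):
            print(f"line {f.line}: [{f.stride}] DREAD {f.dread:.1f} "
                  f"{f.description}: {f.code}")
```

Run as a script, the naive pass reports five findings (lines 1, 3, 5, 7 and 8) while the comment-aware pass reports three (lines 3, 7 and 8): the concatenated SQL statement, the unencoded output and the non-cryptographic RNG. Stripping comments removes the grossest false positives, but a keyword scanner still cannot tell a parameterised query from a concatenated one; the DREAD score is a triage hint for the reviewer, not a verdict.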




4 Responses to “OWASP CodeCrawler – Static Code Review Tool”

  1. Hannibal 23 March 2010 at 12:09 pm Permalink

    Personally I think this thing sucks :) It does not do a good job, and Microsoft's own tool FxCop is pretty damn awesome…

    But that’s only my opinion. :)

  2. aero 25 March 2010 at 9:02 am Permalink

    yes

  3. dotnetprogrammer 29 March 2010 at 9:45 pm Permalink

    Considering this thing alerts on COMMENTS, the noise level is far beyond anything useful. Example: if you have a comment with the word “Select” as in “selects items from an array and orders by value”, this thing logs it as a critical fault (potential SQL injection).

    Lame.

  4. Darknet 30 March 2010 at 10:24 am Permalink

    That sounds lame, gonna check out FxCop.