OWASP CodeCrawler – Static Code Review Tool

Find your website's Achilles' Heel

CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project.

It provides automatic STRIDE classification a very simple DREAD calculator and few minor utilities. Direct links to WAST 2.0 Threat Classification, Secure Java Development Guidelines and OWASP Tools are also part of the package.


  • .NET Framework 3.5 (Service Pack 1)
  • Visual Studio 2008
  • Windows Platform

You can download CodeCrawler here:


Or read more here.

Posted in: Countermeasures, Programming, Security Software

, , , , , , , , , , , , , , , ,

Recent in Countermeasures:
- Securing MySQL Installation on Ubuntu 16.04 LTS
- Scirius – Suricata Ruleset Management Web Application
- Raptor WAF – C Based Web Application Firewall

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,322 views
- Password Hasher Firefox Extension - 117,917 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,759 views

4 Responses to OWASP CodeCrawler – Static Code Review Tool

  1. Hannibal March 23, 2010 at 12:09 pm #

    Personally i think this thing sucks :) It does not do a good a job, and Microsoft own tool fxcop is pretty damn awesome…

    But that’s only my opinion. :)

  2. aero March 25, 2010 at 9:02 am #


  3. dotnetprogrammer March 29, 2010 at 9:45 pm #

    Considering this thing alerts on COMMENTS the noise level is far beyond anything useful. Example if you have a comment with the word “Select” as in “selects items from an array and orders by value” this thing logs it as a critical fault (potential SQL injection).


  4. Darknet March 30, 2010 at 10:24 am #

    That sounds lame, gonna check out fxcop.