16 March 2010 | 7,163 views

OWASP CodeCrawler – Static Code Review Tool

Cyber Raptors Hunting Your Data?

CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project.

It provides automatic STRIDE classification a very simple DREAD calculator and few minor utilities. Direct links to WAST 2.0 Threat Classification, Secure Java Development Guidelines and OWASP Tools are also part of the package.


  • .NET Framework 3.5 (Service Pack 1)
  • Visual Studio 2008
  • Windows Platform

You can download CodeCrawler here:


Or read more here.


Recent in Countermeasures:
- Scumblr by Netflix – Automatically Scan For Leaks
- WP Security Audit Log – A Complete Audit Log Plugin For WordPress
- Amazon AWS Web Application Firewall (WAF ) Launched

Related Posts:
- Agnitio v2.1 Released – Manual Security Code Review Tool
- The Top 10 PHP Security Vulnerabilities from OWASP
- OWASP (Open Web Application Security Project) Testing Guide v3 Released

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,751 views
- Password Hasher Firefox Extension - 117,492 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,642 views

Advertise on Darknet

4 Responses to “OWASP CodeCrawler – Static Code Review Tool”

  1. Hannibal 23 March 2010 at 12:09 pm Permalink

    Personally i think this thing sucks :) It does not do a good a job, and Microsoft own tool fxcop is pretty damn awesome…

    But that’s only my opinion. :)

  2. aero 25 March 2010 at 9:02 am Permalink


  3. dotnetprogrammer 29 March 2010 at 9:45 pm Permalink

    Considering this thing alerts on COMMENTS the noise level is far beyond anything useful. Example if you have a comment with the word “Select” as in “selects items from an array and orders by value” this thing logs it as a critical fault (potential SQL injection).


  4. Darknet 30 March 2010 at 10:24 am Permalink

    That sounds lame, gonna check out fxcop.