OWASP CodeCrawler – Static Code Review Tool
CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/Java code. It is a Microsoft .NET 3.5 Windows Forms application which supports the OWASP Code Review Project.
It provides automatic STRIDE classification, a very simple DREAD calculator and a few minor utilities. Direct links to the WAST 2.0 Threat Classification, the Secure Java Development Guidelines and OWASP Tools are also part of the package.
Requirements
- .NET Framework 3.5 (Service Pack 1)
- Visual Studio 2008
- Windows Platform
You can download CodeCrawler here:
Or read more here.
Personally I think this thing sucks :) It does not do a good job, and Microsoft's own tool FxCop is pretty damn awesome…
But that's only my opinion. :)
yes
Considering this thing alerts on COMMENTS, the noise level is far beyond anything useful. For example, if you have a comment with the word "Select", as in "selects items from an array and orders by value", this thing logs it as a critical fault (potential SQL injection).
Lame.
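The false positive described in the comment above comes from matching keywords anywhere in the text, comments included. The following is an added illustration (not CodeCrawler's own code) that runs a naive substring scan and a comment-aware scan over a small constructed C# sample; the sample, the keyword list and the "string literal concatenated with `+`" heuristic are all assumptions made for this example.

```python
import re

# Constructed C# sample: one genuine SQL string concatenation (line 3), plus
# comments and a harmless string literal that merely contain the word "select".
SAMPLE = "\n".join([
    "// selects items from an array and orders by value",
    "var sorted = items.OrderBy(x => x.Value).ToArray();",
    "string q = \"SELECT * FROM users WHERE name = '\" + userName + \"'\";",
    "/* Select the best",
    "   candidate */",
    "string label = \"Select an option\";",
])

SQL_KEYWORDS = ("select", "insert", "update", "delete")


def naive_scan(source):
    """Flag every line containing a SQL keyword as a substring, comments included.
    This reproduces the noisy behaviour the comment complains about."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if any(kw in line.lower() for kw in SQL_KEYWORDS)]


def strip_comments(source):
    """Blank out // and /* */ comments, keeping line numbering intact.
    A real scanner should tokenize properly (e.g. '//' inside a string literal)."""
    def blank(match):
        return re.sub(r"[^\n]", " ", match.group(0))
    return re.sub(r"//[^\n]*|/\*.*?\*/", blank, source, flags=re.DOTALL)


# A SQL keyword inside a string literal that is immediately concatenated with '+'
# is the pattern worth a reviewer's attention (dynamic query construction).
CONCAT_QUERY = re.compile(
    r'"[^"\n]*\b(select|insert|update|delete)\b[^"\n]*"\s*\+', re.IGNORECASE)


def aware_scan(source):
    """Flag only lines with a SQL keyword inside a concatenated string literal,
    after comments have been removed."""
    return [n for n, line in enumerate(strip_comments(source).splitlines(), 1)
            if CONCAT_QUERY.search(line)]


if __name__ == "__main__":
    print("naive:", naive_scan(SAMPLE))   # comments and the label are flagged too
    print("aware:", aware_scan(SAMPLE))   # only the concatenated query remains
```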
That sounds lame, gonna check out FxCop.