CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/Java code. It is a Microsoft .NET 3.5 Windows Forms application which supports the OWASP Code Review Project.
It provides automatic STRIDE classification, a very simple DREAD calculator and a few minor utilities. Direct links to the WAST 2.0 Threat Classification, the Secure Java Development Guidelines and OWASP Tools are also part of the package.
Requirements
- .NET Framework 3.5 (Service Pack 1)
- Visual Studio 2008
- Windows Platform
You can download CodeCrawler here:
Or read more here.
Hannibal says
Personally I think this thing sucks :) It does not do a good job, and Microsoft's own tool FxCop is pretty damn awesome…
But that’s only my opinion. :)
aero says
yes
dotnetprogrammer says
Considering this thing alerts on COMMENTS, the noise level is far beyond anything useful. For example, if you have a comment with the word “Select”, as in “selects items from an array and orders by value”, this thing logs it as a critical fault (potential SQL injection).
Lame.
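Added example, not part of the post or of CodeCrawler itself: a small Python scanner run over a constructed C# snippet. It shows why raw keyword matching flags the comment described above, and how masking comments and then requiring a SQL-bearing string literal to be concatenated with a variable trims the noise down to the one real candidate.

```python
import re

# Constructed C# sample (not from CodeCrawler). Only BuildQuery actually
# concatenates a variable into SQL; the comment and the UI string are noise.
SAMPLE_CS = '''// selects items from an array and orders by value
int[] Pick(int[] xs) { return xs.OrderBy(x => x).ToArray(); }
string Label() { return "Select your option"; }
string BuildQuery(string name)
{
    return "SELECT * FROM users WHERE name = '" + name + "'";
}
'''

# Substring match, as a keyword-only scanner would do ("selects" fires too).
SQL_KEYWORD = re.compile(r'select', re.IGNORECASE)
# C#/Java style comments; string literals are deliberately left in place,
# so a "//" inside a string would be mis-masked (accepted simplification).
COMMENT = re.compile(r'//[^\n]*|/\*.*?\*/', re.DOTALL)
IDENT = r'[A-Za-z_]\w*'
# A string literal containing the keyword, glued to an identifier with '+'.
CONCAT = re.compile(
    r'"[^"\n]*\bselect\b[^"\n]*"\s*\+\s*' + IDENT
    + r'|' + IDENT + r'\s*\+\s*"[^"\n]*\bselect\b',
    re.IGNORECASE)

def line_of(src, offset):
    return src.count('\n', 0, offset) + 1

def mask_comments(src):
    """Blank out comments but keep their newlines so line numbers survive."""
    return COMMENT.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src)

def naive_hits(src):
    """Keyword match over raw text: fires on comments and UI strings too."""
    return [line_of(src, m.start()) for m in SQL_KEYWORD.finditer(src)]

def code_hits(src):
    """Same match after comments are masked: drops the comment false positive."""
    return naive_hits(mask_comments(src))

def concat_hits(src):
    """Flag only SQL-bearing literals concatenated with a variable."""
    masked = mask_comments(src)
    return [line_of(masked, m.start()) for m in CONCAT.finditer(masked)]

if __name__ == '__main__':
    for name, fn in [('naive', naive_hits), ('code only', code_hits),
                     ('concat', concat_hits)]:
        print(f'{name:10s} flagged lines {fn(SAMPLE_CS)}')
```

Running it prints the three result sets side by side: the naive pass flags the comment, the UI string and the query; masking comments drops the first; the concatenation rule keeps only the query line.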
Darknet says
That sounds lame, gonna check out FxCop.