OWASP Code Crawler v2.5 released

OWASP Code Crawler is a tool aimed at assisting code review practitioners. It is a static code review tool that searches for key topics within .NET and J2EE/Java code. The aim of the tool is to accompany the OWASP Code Review Guide and to implement a total code review solution for "everyone".

Changelog:

Code Crawler Editor

  • Find (CTRL+F)
  • Mark Findings
  • Select All (CTRL+A)
  • Copy as RTF (sweet)
  • CodeFolding
  • SyntaxHighlight
  • BracketMatching
  • Unlimited Undo/Redo buffer
  • Bookmarks
  • Go to line (CTRL+G)
  • Replace
  • Breakpoints

Single Scan Form

  • New User Interface
  • STRIDE Classification
  • Direct links to MSDN, Google
  • Shortcuts to Notepad, Calc
  • Threats Count
  • Printing
  • RTF Report

Visual Studio .NET (for VS 2005 - 2008)

  • Supports ONLY C# Project files (*.csproj)
  • Bigger fonts

Mainform

  • New User Interface
  • Links to OWASP content
  • WASC Threat Classification 2.0
  • Removed OWASP Browser
  • Removed Network Scan
  • Removed Reporting Frame

Database

  • 286 Keywords (Tripurai Rai)
  • Multi STRIDE Schema (Tripurai Rai)
  • Refactoring (Tripurai Rai)

Utilities

  • ASP.NET ViewState Decoder
  • DREAD Calculator

Currently supports

  • .NET (specifically C#)
  • Java

Requirements

  • .NET Framework 3.5 (Service Pack 1)
  • Visual Studio 2008
  • Windows Platform

Please note that OWASP Code Crawler requires Microsoft .NET Framework 3.5 in order to run.

For more information about this tool, see the Official Web