Agnitio is an application security tool developed by David Rook to help further the adoption of the Principles of Secure Development and to bring more repeatability and integrity to security code reviews.

Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.


The security code reviews in Agnitio are completed for a specific application profile. The profiles will give the reviewer details about the application being reviewed allowing them to understand the "real risk" associated with any of their findings.

The profiles include information such as the business importance of the application, the languages, frameworks and databases used, who designed the application and what types of data the application processes.

Major changes in this version include:

• Windows x64 support
• Automatically decompile Android .apk application to easily analyse the apps source code
• Application profiles now have an application type of either web or mobile which allows only relevant checklist items to be displayed during the security code review
• Create new checklist questions and mark them as web or mobile
• Modify existing checklist questions text, principle and application type
• C# and Java rules from the OWASP Code Crawler project have been imported into the Agnitio database and linked to relevant checklist questions.