Security code review tool Agnitio 2.1 released
Posted on 24 October 2011.
Agnitio is an application security tool developed by David Rook to help further the adoption of the Principles of Secure Development and to bring more repeatability and integrity to security code reviews.

Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

The security code reviews in Agnitio are completed for a specific application profile. The profiles will give the reviewer details about the application being reviewed allowing them to understand the "real risk" associated with any of their findings.

The profiles include information such as the business importance of the application, the languages, frameworks and databases used, who designed the application and what types of data the application processes.

Major changes in this version include:
  • Windows x64 support
  • Automatically decompile Android .apk application to easily analyse the apps source code
  • Application profiles now have an application type of either web or mobile which allows only relevant checklist items to be displayed during the security code review
  • Create new checklist questions and mark them as web or mobile
  • Modify existing checklist questions text, principle and application type
  • C# and Java rules from the OWASP Code Crawler project have been imported into the Agnitio database and linked to relevant checklist questions.


Best practices for ensuring compliance in the age of cloud computing

Here are the major considerations organizations should incorporate into their compliance programs, as well as pitfalls that can be avoided to ensure businesses stay compliant while using cloud computing.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Sep 3rd