Security code review tool Agnitio 2.1 released
Posted on 24 October 2011.
Agnitio is an application security tool developed by David Rook to help further the adoption of the Principles of Secure Development and to bring more repeatability and integrity to security code reviews.

Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

The security code reviews in Agnitio are completed for a specific application profile. The profiles will give the reviewer details about the application being reviewed allowing them to understand the "real risk" associated with any of their findings.

The profiles include information such as the business importance of the application, the languages, frameworks and databases used, who designed the application and what types of data the application processes.

Major changes in this version include:
  • Windows x64 support
  • Automatically decompile Android .apk application to easily analyse the apps source code
  • Application profiles now have an application type of either web or mobile which allows only relevant checklist items to be displayed during the security code review
  • Create new checklist questions and mark them as web or mobile
  • Modify existing checklist questions text, principle and application type
  • C# and Java rules from the OWASP Code Crawler project have been imported into the Agnitio database and linked to relevant checklist questions.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th