Agnitio 2.1 发布,安全代码审查工具

鉴客
 鉴客
发布于 2011年10月25日
收藏 3

Agnitio是一个安全代码审查工具,可以帮助开发者和专业安全人员以一种一致和可重复得方式进行代码审查。Agnitio的目标是取代安全代码审查过程中人工撰写文档的方式,创建一个审计跟踪和报告。

目前,Agnitio更新至2.1版,新版主要改变:

  • Windows x64 support (thanks to Steven van der Baan).
  • Decompile Android .apk files so you can analyse the source code and AndroidManifest.xml file. This uses tools like JAD so you will need to have Java installed on your machine to decompile the Android .apk files.
  • C# and Java rules from the OWASP Code Crawler tool imported into the Agnitio database and linked to the relevant checklist questions.
  • New checklist items for mobile application security code reviews. These checklist items were created to address items in the OWASP top 10 mobile risks project that weren’t covered by existing checklist items.
  • Application profiles can now be configured as either “Web” or “Mobile”. This will determine which checklist items from the database are used to create the checklist for the application being reviewed.
  • Create new checklist items. You will be able configure the relevant principle of secure development for the new checklist item as well as deciding whether this is a question for “Web”, “Mobile” or “Both”types of applications.
  • Modify existing checklist items. This was supposed to be included in v2.0 but a last minute changes made broke this functionality. You can now modify the text, the principle and type columns for questions in the checklist database.
  • Only one answer allowed per checklist item (thanks to Steven van der Baan).
  • Fixed a bug on the security code review tab where checklist items with no answers are highlighted in red and never “un-highlighted” (thanks to Steven van der Baan).
  • Added a language checkbox for Objective-C on the profile creation and view profile tabs.
  • Checklists are now sorted by principle and not by the question number.
本站文章除注明转载外,均为本站原创或编译。欢迎任何形式的转载,但请务必注明出处,尊重他人劳动共创开源社区。
转载请注明:文章转载自 OSCHINA 社区 [http://www.oschina.net]
本文标题:Agnitio 2.1 发布,安全代码审查工具
加载中

最新评论(2

代代1
z
返回顶部
顶部