Security Code Review Tool Agnitio 2.1 Released

Posted by fmms 13 years ago | 8K reads | C#

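Agnitio is a security code review tool that helps developers and security professionals carry out code reviews in a consistent and repeatable way. Its goal is to replace the manual write-up of documentation during a security code review by creating an audit trail and reports.
Project page: http://sourceforge.net/projects/agnitiotool/?_test=beta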

Agnitio has now been updated to version 2.1. The main changes in the new version are:

  • Windows x64 support (thanks to Steven van der Baan).
  • Decompile Android .apk files so you can analyse the source code and AndroidManifest.xml file. This uses tools like JAD so you will need to have Java installed on your machine to decompile the Android .apk files.
  • C# and Java rules from the OWASP Code Crawler tool imported into the Agnitio database and linked to the relevant checklist questions.
  • New checklist items for mobile application security code reviews. These checklist items were created to address items in the OWASP top 10 mobile risks project that weren’t covered by existing checklist items.
  • Application profiles can now be configured as either “Web” or “Mobile”. This will determine which checklist items from the database are used to create the checklist for the application being reviewed.
  • Create new checklist items. You will be able to configure the relevant principle of secure development for the new checklist item as well as deciding whether this is a question for “Web”, “Mobile” or “Both” types of applications.
  • Modify existing checklist items. This was supposed to be included in v2.0 but a last-minute change broke this functionality. You can now modify the text, the principle and type columns for questions in the checklist database.
  • Only one answer allowed per checklist item (thanks to Steven van der Baan).
  • Fixed a bug on the security code review tab where checklist items with no answers are highlighted in red and never “un-highlighted” (thanks to Steven van der Baan).
  • Added a language checkbox for Objective-C on the profile creation and view profile tabs.
  • Checklists are now sorted by principle and not by the question number.

This article is reposted from: http://www.pulog.org/tools/2293/Agnitio-2.1/
