Agnitio: Security code review tool

Agnitio is an application security tool developed by David Rook to help further the adoption of the Principles of Secure Development and to bring more repeatability and integrity to security code reviews.

Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

The security code reviews in Agnitio are completed for a specific application profile. The profiles will give the reviewer details about the application being reviewed allowing them to understand the “real risk” associated with any of their findings.

The profiles include information such as the business importance of the application, the languages, frameworks and databases used, who designed the application and what types of data the application processes.

Agnitio currently supports two different reporting options for any review completed using the tool.




Share this