Yasca

"Yet Another Source Code Analyzer"
Developer(s): Michael Scovetta
Stable release: 2.2 / June 4, 2010
Written in: PHP, Java
Operating system: Cross-platform
Size: 12MB-155MB
Available in: English
Type: Software Quality, Software Security
License: BSD License, GPL License, GNU Lesser General Public License, Others
Website: yasca.org, sourceforge.net/projects/yasca/

Yasca is an open-source program that scans program source code for security vulnerabilities and for problems with code quality, performance, and conformance to best practices. It leverages external open-source programs, such as FindBugs, PMD, JavaScript Lint, Cppcheck, and ClamAV, to scan specific file types,[1] and also contains many custom scanners developed for Yasca. It is a command-line tool that generates reports in HTML, CSV, XML, MySQL, SQLite, and other formats. It is listed as an inactive project at the well-known OWASP security project,[2] and also in a government software security tools review at the U.S. Department of Homeland Security web site.[3]

Languages Scanned

Yasca has at least one scanner for each of the following file types:

  • .NET (VB.NET, C#, ASP.NET)
  • ASP
  • C/C++
  • COBOL
  • ColdFusion
  • CSS
  • HTML
  • Java
  • JavaScript
  • Perl
  • PHP
  • Python
  • Raw HTTP Traffic
  • Visual Basic

Yasca 2.2

Version 2.2 was released in June 2010 and included a large number of minor updates over version 2.1, most notably natively compiled plugins on Linux, which reduce the need to use Wine. Version 2.2 also contains some experimental modules, including a TCP packet logger and a rule that scans those logs for sensitive information. Additional rules for this are expected in the next update.

As with prior 2.x releases, Yasca comes packaged as a core bundle, plus separately downloadable plugins. No plugins are required, but best results occur when using all of the necessary plugins.

References

  1. Clarke, Justin (2009). SQL Injection Attacks and Defense. Syngress. p. 125. ISBN 978-1-59749-424-3.
  2. "Category:OWASP Yasca Project". OWASP. Retrieved 14 September 2010.
  3. "Software Security Assessment Tools Review" (PDF). Homeland Security. Retrieved 14 September 2010.
