Yasca

"Yet Another Source Code Analyzer"

Developer(s): Michael Scovetta
Stable release: 2.2 / June 4, 2010; 14 years ago (2010-06-04)
Written in: PHP, Java
Operating system: Cross-platform
Size: 12MB-155MB
Available in: English
Type: Software Quality, Software Security
License: BSD License, GPL License, GNU Lesser General Public License, Others
Website: yasca.org, sourceforge.net/projects/yasca/

Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It leverages external open source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS to scan specific file types, and also contains many custom scanners developed for Yasca. It is a command-line tool that generates reports in HTML, CSV, XML, MySQL, SQLite, and other formats. It is listed as an inactive project at the well-known OWASP security project, and also in a government software security tools review at the U.S. Department of Homeland Security web site.

Languages Scanned

Yasca has at least one scanner for each of the following file types:

.NET (VB.NET, C#, ASP.NET)
ASP
C/C++
COBOL
ColdFusion
CSS
HTML
Java
JavaScript
Perl
PHP
Python
Raw HTTP Traffic
Visual Basic

Yasca 2.2

Version 2.2 was released in June 2010 and included a large number of minor updates over version 2.1, most notably, natively compiled plugins on Linux, reducing the need to use Wine. Version 2.2 contains some experimental modules, including a TCP packet logger and a rule to scan those logs for sensitive information. Additional rules for this are expected in the next update.

As with prior 2.x releases, Yasca comes packaged as a core bundle, plus separately downloadable plugins. No plugins are required, but best results occur when using all of the necessary plugins.

References

Clarke, Justin (2009). SQL Injection Attacks and Defense. Syngress. p. 125. ISBN 978-1-59749-424-3.
"Category:OWASP Yasca Project". OWASP. Retrieved 14 September 2010.
"Software Security Assessment Tools Review" (PDF). Homeland Security. Retrieved 14 September 2010.

External links

yasca on GitHub