This article needs additional citations for verification . (September 2010) (Learn how and when to remove this template message) |
"Yet Another Source Code Analyzer" | |
Developer(s) | Michael Scovetta |
---|---|
Stable release | 2.2 / June 4, 2010 |
Written in | PHP, Java |
Operating system | Cross-platform |
Size | 12MB-155MB |
Available in | English |
Type | Software Quality, Software Security |
License | BSD License, GPL License, GNU Lesser General Public License, Others |
Website | yasca sourceforge |
Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It leverages external open source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS to scan specific file types, [1] and also contains many custom scanners developed for Yasca. It is a command-line tool that generates reports in HTML, CSV, XML, MySQL, SQLite, and other formats. It is listed as an inactive project at the well-known OWASP security project, [2] and also in a government software security tools review at the U.S Department of Homeland Security web site. [3]
Yasca has at least one scanner for each of the following file types:
Version 2.2 was released in June 2010 and included a large number of minor updates over version 2.1, most notably, natively compiled plugins on Linux, reducing the need to use Wine. Version 2.2 contains some experimental modules, including a TCP packet logger and a rule to scan those logs for sensitive information. Additional rules for this are expected in the next update.
As with prior 2.x releases, Yasca comes packaged as a core bundle, plus separately downloadable plugins. No plugins are required, but best results occur when using all of the necessary plugins.
Bluefish is a free software advanced text editor with a variety of tools for programming and website development. It supports coding languages including HTML, XHTML, CSS, XML, PHP, C, C++, JavaScript, Java, Go, Vala, Ada, D, SQL, Perl, ColdFusion, JSP, Python, Ruby and shell. It is available for many platforms, including Linux, macOS and Windows, and can be used via integration with GNOME or run as a standalone application. Designed as a compromise between plain text editors and full programming IDEs, Bluefish is lightweight, fast and easy to learn, while providing many IDE features. It has been translated into 17 languages.
Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007. XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.
IntelliJ IDEA is an integrated development environment (IDE) written in Java for developing computer software. It is developed by JetBrains, and is available as an Apache 2 Licensed community edition, and in a proprietary commercial edition. Both can be used for commercial development.
BBEdit is a proprietary text editor made by Bare Bones Software, originally developed for Macintosh System Software 6, and currently supporting macOS.
Notepad++ is a text and source code editor for use with Microsoft Windows. It supports tabbed editing, which allows working with multiple open files in a single window. The project's name comes from the C increment operator.
The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
Coverity is a proprietary static code analysis tool from Synopsys. This product enables engineers and security teams to find and fix software defects.
SPIP is a free software content management system designed for web site publishing, oriented towards online collaborative editing.
FlashDevelop is an integrated development environment (IDE) for development of Adobe Flash websites, web applications, desktop applications and video games. The resulting applications run in Adobe Flash Player or Adobe AIR, on Microsoft Windows, Mac OS X, Android or iOS. The primary purpose of FlashDevelop is enabling developers to edit, compile, debug and publish a Flash ActionScript project. It supports ActionScript 2.0, ActionScript 3.0, Haxe and other upcoming languages. It has code completion, syntax highlighting, snippets and other features similar to Microsoft Visual Studio.
Web application security is a branch of information security that deals specifically with security of websites, web applications and web services. At a high level, web application security draws on the principles of application security but applies them specifically to internet and web systems.
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.
Opa is an open-source programming language for developing scalable web applications.
The Chromium Embedded Framework (CEF) is an open-source software framework for embedding a Chromium web browser within another application. This enables developers to add web browsing functionality to their application, as well as the ability to use HTML, CSS, and JavaScript to create the application's user interface.
JetBrains s.r.o. is a Czech software development company whose tools are targeted towards software developers and project managers. As of 2019, the company has offices in Prague, Saint Petersburg, Moscow, Munich, Boston, Novosibirsk, Amsterdam, Foster City and Marlton, New Jersey.
OWASP ZAP is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.
RIPS is a static code analysis software for the automated detection of security vulnerabilities in PHP and Java applications. The initial tool was written by Johannes Dahse and released during the Month of PHP Security in May 2010 as open-source software. The open-source version is released under the Lesser GNU General Public License and was maintained until 2013.
Kiuwan is a software as a service (SaaS) static program analysis multi-technology software for software analytics, quality and security measurement and management.