[Owasp-codereview] Yasca v1.0 Released

Michael V. Scovetta scovetta at users.sourceforge.net
Tue Sep 30 19:25:09 EDT 2008

I thought this would be relevant to the OWASP Code Review Project, since
I started writing Yasca to help with code reviews.

Yasca ("Yet Another Source Code Scanner") is a framework and implementation
for performing source code analysis. It integrates some security scanners
(PMD, FindBugs, Jlint) and has some of its own too. It's meant to find
the "low hanging fruit" in web applications, and be **very** easily
extensible (i.e. ~30 seconds to write a new rule) yet powerful (i.e.
arbitrary call-outs to your own scanning code). Yasca is written in
command-line PHP, is cross-platform, and is simple and quick to run.

Yasca is open-source (BSD license) and is available on SourceForge
(http://sourceforge.net/projects/yasca) or http://yasca.org/.

I'm very interested in hearing feedback and suggestions.

Thank you,

Mike Scovetta