Web.config rules for Yasca
Combined rules from two open-source tools for static application security testing — WCSA and Yasca.
Yasca is static application security testing scanner written in PHP that supports many programming languages using built-in rules and external tools. WCSA is static scanner that focuses on ASP.NET
Instead of adding WCSA to Yasca as plugin (which is possible) I've decided it would make more sens to port WCSA rules to Yasca. They are now hosted on GitHub: