Web.config rules for Yasca

2012-12-05 00:00:00 +0000

Combined rules from two open-source tools for static application security testing — WCSA and Yasca. Yasca is static application security testing scanner written in PHP that supports many programming languages using built-in rules and external tools. WCSA is static scanner that focuses on ASP.NET web.config issues.

Instead of adding WCSA to Yasca as plugin (which is possible) I’ve decided it would make more sens to port WCSA rules to Yasca. They are now hosted on GitHub: