The YAG-Suite is a tool for smart detection of vulnerabilities in software application source code. By overcoming the limitations of static analysis through the integration of machine learning, YAGAAN's technology detects the most commonly exploited vulnerabilities as early as possible in the development process, helps you diagnose them, lets you better target the fixes to implement, and guards against the risk of leaking GDPR-related data.
The scan server (SaaS or on-premise) avoids consuming resources on developers' workstations. It includes YAG-Scanner and a set of other preconfigured open-source SAST tools.
Audit Center is the preferred entry point when running a detailed analysis of a scan. This tool provides in-depth analysis capabilities for detected vulnerabilities and access to the advanced features of YAGAAN's innovation.
Vulnerabilities detected by YAG-Scanner are supported with contextual correction proposals, based on code samples extracted from the scanned application.
The tool identifies the most relevant code parts to fix, that is, those that can maximize the number of fixed vulnerabilities.
Identification and location of the application's sensitive data and security mechanisms.
It is possible to introduce the application security requirements as an input to vulnerability analysis, in terms of confidentiality, integrity or availability. These requirements are associated with application features and their compliance is assessed based on the detected vulnerabilities.
YAG-Suite's Scan Engine combines the precision of static code analysis with machine learning capabilities to produce high value-added diagnostics that adapt to your application context.
More than 30 vulnerability types per language are detected by our scanner (Exposure of Sensitive Data, SQL Injection, XSS, CSRF, Command Injection, Path Traversal, etc.). These cover in particular the OWASP Top 10.
The detected vulnerabilities are associated with a dynamic diagnostic that can be accessed through the Audit Center.
The YAG-Suite learns from your feedback about true/false positives as well as from your evaluation of the CVSS score. The risk assessment thus self-adapts to your application context and provides you with a relevant action plan to efficiently fix the most business-critical vulnerabilities.
The acquired knowledge is centralized in a shared repository on the Scan Server for all users.
The warning qualification algorithms handle not only the vulnerabilities detected by YAG-Scanner but also those detected by the third-party SAST tools integrated into the Scan Server.
Customization features of the YAG-Scanner let you edit rules, via an intuitive interface, or add new ones.
The various customization modes of the scan repository, as well as the graphical modeling wizards, allow you to fine-tune scans to your corporate needs without requiring deep expertise in code analysis.