Control the cyber risk of your applications with YAG-Suite

The YAG-Suite is a tool for smart detection of vulnerabilities in the source code of software applications. By combining static analysis with machine learning to overcome the traditional limitations of static tools, YAGAAN's technology detects the most exploited vulnerabilities as early as possible in the development process, helps you diagnose them, targets the fixes to implement, and guards against the risk of leaking GDPR-related data.

Scan Server / Centralized Scan and Synthetic Overview

The scan server (SaaS or on-premise) avoids consuming resources on developers' workstations. It includes YAG-Scanner and a set of preconfigured open-source SAST tools.

Supported languages

Simple to use at the heart of the development process

  • Scan via CLI, Maven, drag & drop, etc.
  • Simple and centralized configuration
  • Vulnerability dashboard via supported IDEs
  • RESTful API

IDE Integration

Continuous Integration support

Executive view of the security status of your applications fleet

  • Overall risk assessment (each application is scored between 0 and 100)
  • Risk trend compared to the previous scans
  • High-level metrics on the number of warnings and the size of the applications

Executive view of the security status of each project

  • Distribution of vulnerabilities according to the OWASP Top 10 categories
  • Access to the details of the detected vulnerabilities
  • Detection of vulnerable dependencies
  • State-of-the-art fix proposals
  • Metrics on the application

Audit Center / Environment dedicated to vulnerability qualification and fine-grained analysis of the scanned applications

Audit Center is the preferred entry point for the detailed analysis of a scan. This tool provides in-depth analysis capabilities for detected vulnerabilities and access to the advanced features of YAGAAN's technology.

Supported Languages
Diagnosis of a vulnerability and its causes.

Detailed Diagnosis

Vulnerabilities detected by YAG-Scanner come with a comprehensive and pedagogical diagnosis which allows users to understand the causes of each warning (the origin of the tainted data and its path up to the vulnerable code) and helps them improve their application security skills where necessary.

Remediation support

Vulnerabilities detected by YAG-Scanner come with contextual correction proposals, based on code samples extracted from the scanned application.

The tool identifies the most relevant code parts to fix, that is, the locations whose correction fixes the largest number of vulnerabilities.
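To make the two ideas above concrete (a diagnosis that shows the origin and data path of a warning, and a ranking of the code parts whose correction closes the most vulnerabilities), here is an added Python example. It is not YAG-Scanner code and does not reproduce YAGAAN's algorithms: it models a program as a small, constructed data-flow graph of code locations, enumerates source-to-sink paths that pass through no sanitizer, and then ranks intermediate locations by greedy set cover. All location names, edges and vulnerability labels are constructed for the illustration.

```python
"""Toy source-to-sink data-path diagnosis and fix-point ranking.

Added example, not the scanner's own implementation. A program's data flow
is modelled as a directed graph of code locations (constructed below); a
warning is a path from a taint source (user input) to a dangerous sink
that is not interrupted by a sanitizer. Fix points are then ranked by the
number of still-open vulnerable paths they lie on.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed data-flow graph: an edge A -> B means data at A flows to B.
FLOWS: Dict[str, List[str]] = {
    "Login.getParam(user)": ["Login.buildQuery", "Audit.log"],
    "Search.getParam(q)":   ["Search.render", "Search.buildQuery"],
    "Login.buildQuery":     ["Query.concat"],
    "Search.buildQuery":    ["Query.concat"],
    "Query.concat":         ["Db.execute"],      # shared string-building helper
    "Search.render":        ["Http.write"],
    "Audit.log":            ["Html.escape"],
    "Html.escape":          ["Http.write"],
    "Db.execute":           [],
    "Http.write":           [],
}
SOURCES: Set[str] = {"Login.getParam(user)", "Search.getParam(q)"}
SINKS: Dict[str, str] = {"Db.execute": "SQL Injection", "Http.write": "XSS"}
SANITIZERS: Set[str] = {"Html.escape"}


def tainted_paths(flows, sources, sinks, sanitizers) -> List[Tuple[str, List[str]]]:
    """Return (vulnerability, path) for every source->sink path that does not
    cross a sanitizer. Depth-first search; `seen` guards against cycles that
    a real call graph would contain."""
    results: List[Tuple[str, List[str]]] = []

    def walk(node: str, path: List[str], seen: Set[str]) -> None:
        if node in sanitizers:
            return                      # data is neutralised on this path
        if node in sinks:
            results.append((sinks[node], path))
        for nxt in flows.get(node, []):
            if nxt not in seen:
                walk(nxt, path + [nxt], seen | {nxt})

    for src in sorted(sources):
        walk(src, [src], {src})
    return results


def rank_fix_points(paths, sources, sinks) -> List[Tuple[str, int]]:
    """Greedy set cover: repeatedly pick the location lying on the most
    still-open vulnerable paths; fixing there (parameterising the query,
    escaping the output, ...) closes every path through it. Sources and
    sinks are excluded: they are framework/API boundaries, not application
    code the developer would change."""
    open_paths = {i: set(p) for i, (_, p) in enumerate(paths)}
    ranking: List[Tuple[str, int]] = []
    while open_paths:
        counts: Dict[str, int] = defaultdict(int)
        for locs in open_paths.values():
            for loc in locs:
                if loc not in sources and loc not in sinks:
                    counts[loc] += 1
        if not counts:
            break
        best = max(sorted(counts), key=lambda loc: counts[loc])
        ranking.append((best, counts[best]))
        open_paths = {i: l for i, l in open_paths.items() if best not in l}
    return ranking


if __name__ == "__main__":
    found = tainted_paths(FLOWS, SOURCES, SINKS, SANITIZERS)
    for vuln, path in found:
        print(f"{vuln}: {' -> '.join(path)}")
    for loc, n in rank_fix_points(found, SOURCES, SINKS):
        print(f"fix {loc}: closes {n} vulnerable path(s)")
```

On the constructed graph the diagnosis reports two SQL injection paths and one XSS path (the audit-log path is dropped because it is escaped), and the ranking puts the shared Query.concat helper first because a single fix there closes both injection paths.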

Most relevant code parts to fix
Fixing proposals and code samples extracted from the scanned application.
Warnings qualification and relevance indicators.

Warnings relevancy indicators

Assessment, for each warning, of its probability of being a true or a false positive.

CVSS Score

Individual criticality of each warning, based on AI training and the application context.

Code Mining

Identification and location, within the application, of its sensitive data and security mechanisms.

Searches for password related data in WebGoat.
Password related data mapping in WebGoat.

Assessment of security requirements compliance

Application security requirements can be provided as an input to the vulnerability analysis, in terms of confidentiality, integrity or availability. These requirements are associated with application features, and their compliance is assessed from the detected vulnerabilities.
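As an added illustration of how requirements on features can be checked against detected warnings, the Python below (not YAG-Suite code, and not YAGAAN's actual compliance algorithm) attaches a confidentiality/integrity/availability requirement to each feature and a CVSS-style C/I/A impact plus a relevance indicator (estimated probability of being a true positive) to each warning. The matching rule is an assumption: a stricter requirement tolerates less impact, and warnings below a relevance threshold are not counted but are reported as needing manual qualification. Features, warnings, impact values and relevance figures are all constructed.

```python
"""Assessing security-requirement compliance from detected warnings.

Added example, not the product's own logic. Each feature carries required
protection levels for confidentiality, integrity and availability; each
warning carries a CVSS-style impact on the same three properties and a
relevance indicator. A requirement is non-compliant when a sufficiently
relevant warning on that feature impacts the protected property beyond
what the requirement tolerates. All data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

LEVEL = {"none": 0, "low": 1, "high": 2}


@dataclass
class Warning:
    id: str
    feature: str
    vuln: str
    impact: Dict[str, str]   # CVSS-style impact per property ("none"/"low"/"high")
    relevance: float         # estimated probability of being a true positive


# Constructed requirements: protection level required per feature and property.
REQUIREMENTS = {
    "login":   {"confidentiality": "high", "integrity": "high", "availability": "low"},
    "search":  {"confidentiality": "low",  "integrity": "low",  "availability": "low"},
    "reports": {"confidentiality": "high", "integrity": "low",  "availability": "none"},
}

# Constructed warnings as a scanner might report them for those features.
WARNINGS = [
    Warning("W1", "login", "SQL Injection",
            {"confidentiality": "high", "integrity": "high", "availability": "high"}, 0.92),
    Warning("W2", "search", "XSS",
            {"confidentiality": "low", "integrity": "low", "availability": "none"}, 0.81),
    Warning("W3", "reports", "Path Traversal",
            {"confidentiality": "high", "integrity": "none", "availability": "none"}, 0.23),
]


def _violates(required: str, impact: str) -> bool:
    """Assumed rule: a 'high' requirement is broken by any impact, a 'low'
    requirement only by a 'high' impact, a 'none' requirement never."""
    return LEVEL[required] > 0 and LEVEL[impact] >= 3 - LEVEL[required]


def assess_compliance(requirements, warnings, min_relevance=0.5):
    """Return {feature: {property: [offending warning ids]}}; an empty list
    means the requirement is met. Properties required at 'none' are skipped.
    Warnings under the relevance threshold are ignored here."""
    report: Dict[str, Dict[str, List[str]]] = {}
    for feature, reqs in requirements.items():
        report[feature] = {}
        for prop, required in reqs.items():
            if LEVEL[required] == 0:
                continue
            report[feature][prop] = [
                w.id for w in warnings
                if w.feature == feature
                and w.relevance >= min_relevance
                and _violates(required, w.impact.get(prop, "none"))
            ]
    return report


def pending_qualification(requirements, warnings, min_relevance=0.5) -> List[str]:
    """Warnings too uncertain to count, but which would break a requirement
    if an auditor confirms them: these are the ones to qualify first."""
    pending = []
    for w in warnings:
        if w.relevance >= min_relevance:
            continue
        reqs = requirements.get(w.feature, {})
        if any(_violates(req, w.impact.get(prop, "none")) for prop, req in reqs.items()):
            pending.append(w.id)
    return pending


def compliance_ratio(report) -> float:
    """Share of (feature, property) requirements currently met."""
    cells = [ids for props in report.values() for ids in props.values()]
    return sum(1 for ids in cells if not ids) / len(cells) if cells else 1.0


if __name__ == "__main__":
    rep = assess_compliance(REQUIREMENTS, WARNINGS)
    for feature, props in rep.items():
        for prop, ids in props.items():
            print(f"{feature}/{prop}: {'OK' if not ids else 'BROKEN by ' + ', '.join(ids)}")
    print("needs qualification:", pending_qualification(REQUIREMENTS, WARNINGS))
    print("compliance ratio:", compliance_ratio(rep))
```

With the constructed data, the SQL injection on the login feature breaks all three of its requirements, the reflected XSS on search stays within the low tolerances set for that feature, and the path traversal on reports is not counted against the confidentiality requirement because its relevance is low, but it is listed as the warning to qualify first since confirming it would break that requirement.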

YAG-Scanner / Vulnerabilities smart detection

YAG-Suite's Scan Engine combines the precision of static code analysis with machine learning capabilities to produce high value-added diagnostics that adapt to your application context.

Supported languages

Detection of the most exploited vulnerabilities

More than 30 vulnerability types per language are detected by our scanner (Exposure of Sensitive Data, SQL Injection, XSS, CSRF, Command Injection, Path Traversal, etc.). In particular, these cover the OWASP Top 10.

The detected vulnerabilities are associated with a dynamic diagnosis that can be accessed through the Audit Center.

Contextual Qualification of Vulnerabilities

The YAG-Suite learns from your feedback on true/false positives as well as from your evaluation of the CVSS score. The risk assessment thus self-adapts to your application context and provides you with a relevant action plan to efficiently fix the most business-critical vulnerabilities.

The acquired knowledge is centralized in a shared repository on the Scan Server, available to all users.

The warning qualification algorithms handle not only the vulnerabilities detected by YAG-Scanner but also those reported by the third-party SAST tools integrated into the Scan Server.

The only solution that self-adapts to your context.

Detection rules customization

The customization features of YAG-Scanner let you edit existing rules or add new ones via an intuitive interface.

The various customization modes of the scan repository, together with the graphical modeling wizards, allow you to fine-tune the scans to your corporate needs without requiring deep expertise in code analysis.

Example of YAG-Scanner vulnerability modeling.