puma_scan.md 1.8 KB
Puma Scan
Description
Puma Scan is a software security Visual Studio analyzer extension built on top of Roslyn, the open-source .NET Compiler Platform. Puma Scan provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications. Simply install the plugin / NuGet package and find the following vulnerability patterns:
- Command Injection (SQL, LDAP, OS Commands)
- Cross-Site Scripting
- Cross-Site Request Forgery
- Insecure Cryptography
- Insecure Password Management
- Unvalidated Redirect
- Weak Validation
- Directory Traversal
- Missing Certificate Validation
Categories
- Code Assessment
- Static Analysis
- .NET Security
BlackHat Arsenal sessions
Code
https://github.com/pumasecurity/puma-scan
Lead Developers
- Eric Johnson (@emjohn20) - https://pumascan.com/about.html
- Eric Mead (@ericmmead) - https://pumascan.com/about.html
- Aaron Cure (@curea) - https://pumascan.com/about.html