OWASP-Benchmark / BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆701 · Updated this week
Alternatives and similar repositories for BenchmarkJava:
Users who are interested in BenchmarkJava are comparing it to the libraries listed below.
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆210 · Updated 6 months ago
- SAMM stands for Software Assurance Maturity Model. ☆398 · Updated 2 years ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆880 · Updated this week
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje… ☆2,325 · Updated 2 weeks ago
- Vulnerable Java based Web Application ☆265 · Updated 9 months ago
- Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM ☆193 · Updated 6 years ago
- Vulncode-DB project ☆577 · Updated 3 years ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆837 · Updated last year
- Evaluation Framework for Dependency Analysis (EFDA) ☆43 · Updated 2 years ago
- NVD, Ubuntu, Alpine ☆426 · Updated this week
- Home page of project "KB" ☆121 · Updated last week
- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilit… ☆528 · Updated 2 years ago
- Binaries for the CodeQL CLI ☆799 · Updated 2 weeks ago
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ… ☆540 · Updated last year
- A Pythonic framework for threat modeling ☆982 · Updated last month
- The Web Application Vulnerability Scanner Evaluation Project ☆233 · Updated 2 years ago
- Checkmarx Python SDK ☆28 · Updated this week
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities ☆780 · Updated 3 years ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆142 · Updated last year
- Generic SAST Library ☆130 · Updated 4 months ago
- ZAP Add-ons ☆862 · Updated this week
- OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts. ☆316 · Updated 4 months ago
- grep rough audit - source code auditing tool ☆1,596 · Updated 3 months ago
- An open source, online threat modelling tool from OWASP ☆483 · Updated 9 months ago
- AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services. ☆624 · Updated last year
- Software Component Verification Standard (SCVS) ☆142 · Updated 11 months ago
- This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory ☆879 · Updated 5 months ago
- This project is about creating and publishing threat model examples. ☆419 · Updated 3 years ago
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities ☆392 · Updated 7 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications ☆1,022 · Updated 3 years ago