OWASP-Benchmark / BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆718 Updated last week
Alternatives and similar repositories for BenchmarkJava
Users that are interested in BenchmarkJava are comparing it to the libraries listed below
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆210 Updated 8 months ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆929 Updated this week
- Vulncode-DB project ☆580 Updated 3 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje… ☆2,353 Updated last week
- Evaluation Framework for Dependency Analysis (EFDA) ☆43 Updated 3 years ago
- Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM ☆194 Updated 6 years ago
- Binaries for the CodeQL CLI ☆830 Updated 2 weeks ago
- A byte code analyzer for finding deserialization gadget chains in Java applications ☆1,034 Updated 4 years ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆145 Updated last year
- SAMM stands for Software Assurance Maturity Model. ☆398 Updated 3 years ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆844 Updated last year
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ… ☆541 Updated last year
- Vulnerable Java based Web Application ☆270 Updated last year
- The Web Application Vulnerability Scanner Evaluation Project ☆233 Updated 2 years ago
- Home page of project "KB" ☆126 Updated 2 months ago
- ThreadFix is a software vulnerability management platform. This GitHub site is far out of date. Please go to www.threadfix.it for up-to-d… ☆339 Updated 2 years ago
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities ☆397 Updated 7 years ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities ☆785 Updated 3 years ago
- NVD, Ubuntu, Alpine ☆433 Updated this week
- Starter workspace to use with the CodeQL extension for Visual Studio Code. ☆525 Updated 2 weeks ago
- Yet Another Source Code Analyzer ☆184 Updated 3 years ago
- Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem ☆656 Updated 4 years ago
- An open source, online threat modelling tool from OWASP ☆484 Updated 11 months ago
- Resources related to GitHub Security Lab ☆1,492 Updated last month
- OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts. ☆328 Updated 7 months ago
- grep rough audit - source code auditing tool ☆1,621 Updated last month
- REST/JSON API to the Burp Suite security tool. ☆561 Updated last year
- A static byte code analyzer for Java deserialization gadget research ☆243 Updated 8 years ago
- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilit… ☆540 Updated 3 years ago
- Purposely vulnerable Java application to help lead secure coding workshops ☆182 Updated last year