OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆790Apr 20, 2026Updated last week
Alternatives and similar repositories for BenchmarkJava
Users that are interested in BenchmarkJava are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- OWASP Benchmark Project Utilities - Provides scorecard generation and crawling tools for Benchmark style test suites.☆20Apr 20, 2026Updated last week
- xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".☆473Apr 14, 2026Updated 2 weeks ago
- IAST 灰盒扫描工具☆446Jul 19, 2022Updated 3 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…☆2,423Mar 26, 2026Updated last month
- The official repo of Doop, the declarative pointer analysis framework.☆208Updated this week
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynam…☆696Dec 25, 2023Updated 2 years ago
- Java web common vulnerabilities and security code which is base on springboot and spring security☆2,662Dec 2, 2024Updated last year
- A declarative static analysis tool for jvm bytecode based Datalog like CodeQL☆342Jan 6, 2024Updated 2 years ago
- Static code auditing system☆468Jan 8, 2021Updated 5 years ago
- Indexing reachability for context-sensitive data flow analysis.☆12Jul 10, 2022Updated 3 years ago
- A CAT called tabby ( Code Analysis Tool )☆1,646Jan 17, 2026Updated 3 months ago
- 🔥Open source RASP solution☆2,957Oct 2, 2025Updated 6 months ago
- Codyze is a static analyzer for Java, C, C++ based on code property graphs☆91Jan 22, 2025Updated last year
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security☆9,511Updated this week
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- An easy-to-learn/use static analysis framework for Java☆1,777Mar 22, 2026Updated last month
- Corax for Java: A general static analysis framework for java code checking.☆254Dec 3, 2024Updated last year
- KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、JavaScript的语义扫描,基础安全、组件安全扫描,Chrome Ext\Solidity的基础扫描。☆2,383Updated this week
- 《深入理解CodeQL》Finding vulnerabilities with CodeQL.☆1,768Nov 21, 2023Updated 2 years ago
- A static analysis API for finding deserialization attack gadgets☆39Nov 7, 2022Updated 3 years ago
- Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabil…☆1,314May 22, 2025Updated 11 months ago
- A powerful browser crawler for web vulnerability scanners☆3,031Mar 11, 2025Updated last year
- A benchmark to evaluate taint analysis☆29Jun 20, 2022Updated 3 years ago
- Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Spring、Dubbo、Shiro、CAS、Tomcat、RMI、Nexus等框架\中间件\功能的exploits以及Java Security…☆2,696Mar 14, 2024Updated 2 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- TongASDP漏洞测试环境☆35Mar 22, 2023Updated 3 years ago
- Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.…☆3,119Updated this week
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,081Jun 15, 2021Updated 4 years ago
- IDEA静态代码安全审计及漏洞一键修复插件☆1,049Mar 10, 2022Updated 4 years ago
- ☆835Jun 7, 2022Updated 3 years ago
- Code Property Graph: specification, query language, and utilities☆573Apr 15, 2026Updated 2 weeks ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,173May 26, 2023Updated 2 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,854Dec 4, 2025Updated 4 months ago
- OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen…☆7,517Updated this week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- The Web Application Vulnerability Scanner Evaluation Project☆238Oct 5, 2022Updated 3 years ago
- Soot - A Java optimization framework☆3,076Apr 21, 2026Updated last week
- A helpful Java Deserialization exploit framework.☆1,241Feb 17, 2025Updated last year
- Web and mobile application security training platform☆1,439Mar 31, 2026Updated 3 weeks ago
- Source Code Security Audit (源代码安全审计)☆3,189Sep 16, 2022Updated 3 years ago
- PHP Runtime Vulnerability Detection☆480May 25, 2019Updated 6 years ago
- CodeQL model generation for Go.☆17Jun 11, 2021Updated 4 years ago