OWASP-Benchmark / BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆700 · Updated this week
Alternatives and similar repositories for BenchmarkJava:
Users that are interested in BenchmarkJava are comparing it to the libraries listed below
- SAMM stands for Software Assurance Maturity Model. ☆398 · Updated 2 years ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆880 · Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆836 · Updated last year
- Vulnerable Java based Web Application ☆265 · Updated 9 months ago
- Evaluation Framework for Dependency Analysis (EFDA) ☆43 · Updated 2 years ago
- Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM ☆193 · Updated 6 years ago
- Vulncode-DB project ☆577 · Updated 3 years ago
- An open source, online threat modelling tool from OWASP ☆483 · Updated 9 months ago
- The Web Application Vulnerability Scanner Evaluation Project ☆233 · Updated 2 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje… ☆2,325 · Updated 2 weeks ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆142 · Updated last year
- Home page of project "KB" ☆121 · Updated this week
- A Pythonic framework for threat modeling ☆982 · Updated last month
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities ☆392 · Updated 7 years ago
- OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts. ☆314 · Updated 4 months ago
- Software Component Verification Standard (SCVS) ☆142 · Updated 11 months ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆210 · Updated 6 months ago
- Purposely vulnerable Java application to help lead secure coding workshops ☆179 · Updated 9 months ago
- Global Security Database ☆314 · Updated 11 months ago
- REST/JSON API to the Burp Suite security tool. ☆555 · Updated 10 months ago
- Getting a handle on container security ☆648 · Updated last year
- A byte code analyzer for finding deserialization gadget chains in Java applications ☆1,022 · Updated 3 years ago
- A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee… ☆220 · Updated 10 months ago
- Web and mobile application security training platform ☆1,373 · Updated 8 months ago
- NVD, Ubuntu, Alpine ☆425 · Updated this week
- Generic SAST Library ☆130 · Updated 4 months ago
- ThreadFix is a software vulnerability management platform. This GitHub site is far out of date. Please go to www.threadfix.it for up-to-d… ☆339 · Updated 2 years ago
- ZAP Add-ons ☆862 · Updated this week
- This project is about creating and publishing threat model examples. ☆419 · Updated 3 years ago
- A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD) ☆460 · Updated last year