OWASP-Benchmark / BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆706 Updated last week
Alternatives and similar repositories for BenchmarkJava:
Users that are interested in BenchmarkJava are comparing it to the libraries listed below
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆903 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆839 Updated last year
- Vulnerable Java based Web Application ☆266 Updated 10 months ago
- The Web Application Vulnerability Scanner Evaluation Project ☆233 Updated 2 years ago
- SAMM stands for Software Assurance Maturity Model. ☆399 Updated 2 years ago
- Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM ☆194 Updated 6 years ago
- Vulncode-DB project ☆578 Updated 3 years ago
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ… ☆541 Updated last year
- NVD, Ubuntu, Alpine ☆428 Updated this week
- A byte code analyzer for finding deserialization gadget chains in Java applications ☆1,026 Updated 3 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala proje… ☆2,335 Updated 3 weeks ago
- Evaluation Framework for Dependency Analysis (EFDA) ☆43 Updated 3 years ago
- Binaries for the CodeQL CLI ☆813 Updated last week
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆210 Updated 7 months ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities ☆784 Updated 3 years ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆142 Updated last year
- Software Component Verification Standard (SCVS) ☆144 Updated last month
- Home page of project "KB" ☆124 Updated last month
- OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts. ☆324 Updated 5 months ago
- Web and mobile application security training platform ☆1,376 Updated 10 months ago
- Global Security Database ☆318 Updated last year
- A collection of test cases in the Java language. It contains examples for 112 different CWEs. ☆54 Updated 3 years ago
- Resources related to GitHub Security Lab ☆1,465 Updated 3 months ago
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities ☆393 Updated 7 years ago
- An open source, online threat modelling tool from OWASP ☆483 Updated 10 months ago
- Checkmarx Scan and Result Orchestration ☆96 Updated this week
- Vulnogram is a tool for creating and editing CVE information in CVE JSON format ☆184 Updated this week
- Java Observability Toolkit ☆61 Updated 11 months ago
- VisualCodeGrepper - Code security scanning tool. ☆537 Updated last year
- Starter workspace to use with the CodeQL extension for Visual Studio Code. ☆521 Updated last week