OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆773Updated this week
Alternatives and similar repositories for BenchmarkJava
Users that are interested in BenchmarkJava are comparing it to the libraries listed below
- OWASP Benchmark Project Utilities - Provides scorecard generation and crawling tools for Benchmark style test suites.☆20Updated this week
- IAST gray-box scanning tool☆448Jul 19, 2022Updated 3 years ago
- The xAST evaluation benchmark makes security tools no longer a "black box".☆463Jan 15, 2026Updated last month
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala proje…☆2,412Jun 17, 2025Updated 8 months ago
- Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynam…☆696Dec 25, 2023Updated 2 years ago
- A declarative static analysis tool for JVM bytecode, based on Datalog, like CodeQL☆345Jan 6, 2024Updated 2 years ago
- The official repo of Doop, the declarative pointer analysis framework.☆203Feb 21, 2026Updated last week
- Common Java web vulnerabilities and secure code, based on springboot and spring security☆2,649Dec 2, 2024Updated last year
- Static code auditing system☆468Jan 8, 2021Updated 5 years ago
- A CAT called tabby ( Code Analysis Tool )☆1,635Jan 17, 2026Updated last month
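- KunLun-M is a fully open-source static white-box scanning tool that supports semantic scanning of PHP and JavaScript, basic security and component security scanning, and basic scanning of Chrome Ext\Solidity.☆2,380Jan 16, 2026Updated last month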
- A powerful browser crawler for web vulnerability scanners☆3,016Mar 11, 2025Updated 11 months ago
- "Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.☆1,754Nov 21, 2023Updated 2 years ago
- 🔥Open source RASP solution☆2,951Oct 2, 2025Updated 4 months ago
- Codyze is a static analyzer for Java, C, C++ based on code property graphs☆91Jan 22, 2025Updated last year
- Corax for Java: A general static analysis framework for java code checking.☆254Dec 3, 2024Updated last year
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,079Jun 15, 2021Updated 4 years ago
- Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabil…☆1,315May 22, 2025Updated 9 months ago
- A static analysis API for finding deserialization attack gadgets☆38Nov 7, 2022Updated 3 years ago
- An easy-to-learn/use static analysis framework for Java☆1,760Feb 16, 2026Updated last week
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security☆9,253Feb 20, 2026Updated last week
- Indexing reachability for context-sensitive data flow analysis.☆12Jul 10, 2022Updated 3 years ago
- The cheat sheet about Java Deserialization vulnerabilities☆3,164May 26, 2023Updated 2 years ago
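- Java security-related vulnerabilities and technique demos: native Java, Fastjson, Jackson, Hessian2 and XML deserialization exploitation, exploits for frameworks\middleware\features such as Spring, Dubbo, Shiro, CAS, Tomcat, RMI and Nexus, and Java Security…☆2,689Mar 14, 2024Updated last year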
- ☆835Jun 7, 2022Updated 3 years ago
- Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.…☆2,959Updated this week
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,750Dec 4, 2025Updated 2 months ago
- A benchmark to evaluate taint analysis☆27Jun 20, 2022Updated 3 years ago
- A tool that can scan php vulnerabilities automatically using static analysis methods☆488Mar 20, 2018Updated 7 years ago
- OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen…☆7,441Feb 20, 2026Updated last week
- A helpful Java Deserialization exploit framework.☆1,240Feb 17, 2025Updated last year
- Source Code Security Audit☆3,186Sep 16, 2022Updated 3 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- IDEA plugin for static code security auditing and one-click vulnerability fixing☆1,047Mar 10, 2022Updated 3 years ago
- Open-Source Unified Vulnerability Management, DevSecOps & ASPM☆4,532Updated this week
- Web Security Technology & Vulnerability Analysis Whitepapers☆549Jan 1, 2019Updated 7 years ago
- Web page similarity: determine page similarity based on HTML page structure; can be used for similarity calculation, unauthorized-access detection, etc.☆282Jul 27, 2019Updated 6 years ago
- PHP Runtime Vulnerability Detection☆480May 25, 2019Updated 6 years ago
- Soot - A Java optimization framework☆3,071Feb 13, 2026Updated 2 weeks ago