OWASP-Benchmark / BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆681 Updated this week
Alternatives and similar repositories for BenchmarkJava:
Users that are interested in BenchmarkJava are comparing it to the libraries listed below
- Vulnerable Java based Web Application ☆260 Updated 6 months ago
- Semgrep rules registry ☆830 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆822 Updated last year
- Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM ☆189 Updated 6 years ago
- Evaluation Framework for Dependency Analysis (EFDA) ☆43 Updated 2 years ago
- Vulncode-DB project ☆575 Updated 3 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆209 Updated 3 months ago
- SAMM stands for Software Assurance Maturity Model. ☆398 Updated 2 years ago
- An open source, online threat modelling tool from OWASP ☆483 Updated 6 months ago
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities ☆388 Updated 7 years ago
- Software Component Verification Standard (SCVS) ☆137 Updated 9 months ago
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ… ☆537 Updated last year
- REST/JSON API to the Burp Suite security tool. ☆550 Updated 7 months ago
- The Web Application Vulnerability Scanner Evaluation Project ☆232 Updated 2 years ago
- Purposely vulnerable Java application to help lead secure coding workshops ☆175 Updated 6 months ago
- This project is about creating and publishing threat model examples. ☆412 Updated 3 years ago
- Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem ☆643 Updated 3 years ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities ☆778 Updated 3 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications ☆1,009 Updated 3 years ago
- Home page of project "KB" ☆116 Updated last month
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆141 Updated 10 months ago
- OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts. ☆303 Updated 2 months ago
- NVD, Ubuntu, Alpine ☆416 Updated this week
- WackoPicko is a vulnerable web application used to test web application vulnerability scanners. ☆328 Updated 7 months ago
- AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services. ☆618 Updated 10 months ago
- A collection of test cases in the Java language. It contains examples for 112 different CWEs. ☆52 Updated 3 years ago
- Checkmarx Python SDK ☆27 Updated this week
- Checkmarx Scan and Result Orchestration ☆88 Updated this week
- Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp… ☆463 Updated last year