OWASP-Benchmark / BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆670 Updated 4 months ago
Related projects
Alternatives and complementary repositories for BenchmarkJava
- Semgrep rules registry ☆809 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependenci… ☆808 Updated last year
- The Web Application Vulnerability Scanner Evaluation Project ☆228 Updated 2 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆208 Updated last month
- SAMM stands for Software Assurance Maturity Model. ☆397 Updated 2 years ago
- Vulncode-DB project ☆575 Updated 2 years ago
- Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM ☆188 Updated 6 years ago
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ… ☆538 Updated 11 months ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala proje… ☆2,283 Updated 3 months ago
- Vulnerable Java based Web Application ☆255 Updated 5 months ago
- A byte code analyzer for finding deserialization gadget chains in Java applications ☆996 Updated 3 years ago
- Evaluation Framework for Dependency Analysis (EFDA) ☆42 Updated 2 years ago
- Software Component Verification Standard (SCVS) ☆135 Updated 7 months ago
- API Fuzzer which allows fuzzing of request attributes using common pentesting techniques and lists vulnerabilities ☆387 Updated 7 years ago
- grep rough audit - source code auditing tool ☆1,539 Updated 3 months ago
- OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts. ☆298 Updated last week
- Home page of project "KB" ☆113 Updated 3 weeks ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆141 Updated 8 months ago
- Yet Another Source Code Analyzer ☆183 Updated 2 years ago
- VisualCodeGrepper - Code security scanning tool. ☆529 Updated last year
- Binaries for the CodeQL CLI ☆750 Updated 2 weeks ago
- REST/JSON API to the Burp Suite security tool. ☆547 Updated 5 months ago
- A static byte code analyzer for Java deserialization gadget research ☆241 Updated 7 years ago
- NVD, Ubuntu, Alpine ☆410 Updated this week
- Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem ☆632 Updated 3 years ago
- An open source, online threat modelling tool from OWASP ☆483 Updated 4 months ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities ☆776 Updated 3 years ago
- A Pythonic framework for threat modeling ☆921 Updated last week
- Checkmarx Scan and Result Orchestration ☆88 Updated this week
- Global Security Database ☆309 Updated 6 months ago