OWASP-Benchmark / BenchmarkJava
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
☆704Updated this week
Alternatives and similar repositories for BenchmarkJava:
Users that are interested in BenchmarkJava are comparing it to the libraries listed below
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.☆899Updated this week
- The Web Application Vulnerability Scanner Evaluation Project☆233Updated 2 years ago
- Vulncode-DB project☆577Updated 3 years ago
- Vulnerable Java based Web Application☆266Updated 10 months ago
- Evaluation Framework for Dependency Analysis (EFDA)☆43Updated 2 years ago
- Software Component Verification Standard (SCVS)☆143Updated 3 weeks ago
- Global Security Database☆317Updated 11 months ago
- Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM☆193Updated 6 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript.☆210Updated 6 months ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆838Updated last year
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆142Updated last year
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities☆784Updated 3 years ago
- NVD, Ubuntu, Alpine☆427Updated this week
- OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.☆321Updated 5 months ago
- An open source, online threat modelling tool from OWASP☆483Updated 9 months ago
- A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of se…☆465Updated 8 months ago
- A static byte code analyzer for Java deserialization gadget research☆242Updated 8 years ago
- Checkmarx Scan and Result Orchestration☆94Updated last week
- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determ…☆541Updated last year
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities☆393Updated 7 years ago
- REST/JSON API to the Burp Suite security tool.☆558Updated 11 months ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…☆2,334Updated last week
- Checkmarx Python SDK☆28Updated this week
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,029Updated 3 years ago
- Generic SAST Library☆131Updated 5 months ago
- Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem☆654Updated 4 years ago
- Purposely vulnerable Java application to help lead secure coding workshops��☆179Updated 10 months ago
- Home page of project "KB"☆123Updated 3 weeks ago
- Binaries for the CodeQL CLI☆811Updated this week
- Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects☆320Updated last week