Skip to content
/ Benchmark Public
forked from OWASP-Benchmark/BenchmarkJava

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…

www.owasp.org/index.php/Benchmark

License

GPL-2.0 license
0 stars 1.1k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jsalado/Benchmark

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

134 Commits
VMs
VMs
 
 
results
results
 
 
src
src
 
 
tools/Contrast
tools/Contrast
 
 
.gitignore
.gitignore
 
 
.keystore
.keystore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SonarQubeRequest.exe
SonarQubeRequest.exe
 
 
createAnonScorecards.sh
createAnonScorecards.sh
 
 
createScorecards.bat
createScorecards.bat
 
 
createScorecards.sh
createScorecards.sh
 
 
expectedresults-1.2beta.csv
expectedresults-1.2beta.csv
 
 
pom.xml
pom.xml
 
 
runBenchmark.bat
runBenchmark.bat
 
 
runBenchmark.sh
runBenchmark.sh
 
 
runBenchmark_wContrast.bat
runBenchmark_wContrast.bat
 
 
runBenchmark_wContrast.sh
runBenchmark_wContrast.sh
 
 
runCrawler.bat
runCrawler.bat
 
 
runCrawler.sh
runCrawler.sh
 
 
runFindBugs.bat
runFindBugs.bat
 
 
runFindBugs.sh
runFindBugs.sh
 
 
runFindSecBugs.bat
runFindSecBugs.bat
 
 
runFindSecBugs.sh
runFindSecBugs.sh
 
 
runPMD.bat
runPMD.bat
 
 
runPMD.sh
runPMD.sh
 
 
runRemoteAccessibleBenchmark.bat
runRemoteAccessibleBenchmark.bat
 
 
runRemoteAccessibleBenchmark.sh
runRemoteAccessibleBenchmark.sh
 
 
runSonarQube.bat
runSonarQube.bat
 
 
runSonarQube.sh
runSonarQube.sh
 
 

Repository files navigation

OWASP Benchmark

The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. The initial version is intended to support Static Analysis Security Testing Tools (SAST). A future release will support Dynamic Analysis Security Testing Tools (DAST), like OWASP ZAP, and Interactive Analysis Security Testing Tools (IAST). The goal is that this test application is fully runnable and all the vulnerabilities are actually exploitable so its a fair test for any kind of application vulnerability detection tool.

The project documentation is all on the OWASP site at the OWASP Benchmark project pages. Please refer to that site for all the project details.

Changes in this fork

This fork origin was OWASP Benchmark v1.2beta (Final)

tag 1.2betaU1.0

  1. Include parsers for Kiuwan XML and CSV formats.

About

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…

www.owasp.org/index.php/Benchmark

Resources

Readme

License

GPL-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages

  • Java 71.7%
  • HTML 28.3%