OWASP Benchmark

The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. The initial version is intended to support Static Analysis Security Testing Tools (SAST). A future release will support Dynamic Analysis Security Testing Tools (DAST), like OWASP ZAP, and Interactive Analysis Security Testing Tools (IAST). The goal is that this test application is fully runnable and all the vulnerabilities are actually exploitable so its a fair test for any kind of application vulnerability detection tool.

The project documentation is all on the OWASP site at the OWASP Benchmark project pages. Please refer to that site for all the project details.

The current latest release is v1.2. Note that all the releases that are available here: https://github.com/OWASP/Benchmark/releases, are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull).

Name		Name	Last commit message	Last commit date
Latest commit History 231 Commits
.mvn		.mvn
VMs		VMs
data		data
results		results
scorecard		scorecard
scripts		scripts
src		src
tools/Contrast		tools/Contrast
.keystore		.keystore
.travis.yml		.travis.yml
LICENSE		LICENSE
OWASP Benchmark.URL		OWASP Benchmark.URL
README.md		README.md
createAnonScorecards.sh		createAnonScorecards.sh
createScorecards.bat		createScorecards.bat
createScorecards.sh		createScorecards.sh
expectedresults-1.2.csv		expectedresults-1.2.csv
pom.xml		pom.xml
runBenchmark.bat		runBenchmark.bat
runBenchmark.sh		runBenchmark.sh
runCrawler.bat		runCrawler.bat
runCrawler.sh		runCrawler.sh
runRemoteAccessibleBenchmark.bat		runRemoteAccessibleBenchmark.bat
runRemoteAccessibleBenchmark.sh		runRemoteAccessibleBenchmark.sh

License

paulopontesm/Benchmark

Folders and files

Latest commit

History

Repository files navigation

OWASP Benchmark

About

Resources

License

Stars

Watchers

Forks

Languages