OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…
Type Name Latest commit message Commit time
.mvn
VMs
data
results
scorecard
scripts
src Minor formatting improvements to BenchmarkScore.java Dec 6, 2019
tools Set runBenchmark_wHCL.sh permissions to executable. Aug 26, 2019
.keystore
.travis.yml
LICENSE
OWASP Benchmark.URL Update sonar plugin version. Dec 2, 2018
README.md Minor tweak to README Oct 12, 2019
createAnonScorecards.sh
createScorecards.bat Update to 1.2 release. This is a major release update. It introduces … Jun 5, 2016
createScorecards.sh
expectedresults-1.2.csv Update to 1.2 release. This is a major release update. It introduces … Jun 5, 2016
pom.xml
runBenchmark.bat
runBenchmark.sh
runCrawler.bat
runCrawler.sh Numerous fixes and changes Apr 25, 2017
runRemoteAccessibleBenchmark.bat Numerous fixes and changes Apr 25, 2017
runRemoteAccessibleBenchmark.sh

README.md

OWASP Benchmark

The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like OWASP ZAP), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable, so it's a fair test for any kind of application vulnerability detection tool. The Benchmark also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time.

The project documentation is all on the OWASP site at the OWASP Benchmark project pages. Please refer to that site for all the project details.

The current latest release is v1.2. Note that all the releases available at https://github.com/OWASP/Benchmark/releases are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull).
