Proscan Scan Results

Real scan results from Proscan against deliberately vulnerable applications. These are actual scanner outputs — not fabricated examples.

All targets are well-known open-source vulnerable-by-design projects maintained by OWASP and the security community.

---

SAST — Static Application Security Testing

60 open-source vulnerable applications scanned with Proscan's SAST engine across 10+ programming languages.

Browse SAST Reports →

Language	Projects
Java	JavaVulnerableLab, WebGoat, WebGoat-Legacy, WebGoat-BBP, dvja, java-goof, VulnerableApp, juice-shop-ctf
JavaScript/TypeScript	juice-shop, NodeGoat, dvna, dvna-2, dvws-node, nodejs-goof, vulnerable-node, vuln-javascript-app, vuln-typescript-app
Python	DSVW, django.nV, dvga, dvpwa, Vulnerable-Flask-App, vuln-python-app, python-docs-samples
PHP	DVWA, DVWA-2, dvws, hackazon, vapi, vuln-php-app
Go	govwa, vuln-go-app, kubernetes-goat, huskyCI, kics
Ruby	railsgoat, vuln-ruby-app, dawnscanner
C#	vuln-csharp-app
Kotlin	vuln-kotlin-app
Multi-language	vuln-multi-lang, vuln-light-app, secDevLabs, vulhub, vuln-code-snippets
IaC/Cloud	cfngoat, terragoat
Mobile	mastg, diva-android

Each Project Includes

• Comprehensive HTML Report — full vulnerability listing with severity, CWE classification, code snippets, and remediation guidance

Verified Accuracy

For validated precision and recall metrics, see the OWASP Benchmark v1.2 Scorecard — 100% precision, 100% recall, 0 FP, 0 FN across all 11 CWE categories on 2,740 test cases.

---

Support

• General: contact@proscan.one
• Website: proscan.one