Skip to content
/ BenchmarkJava Public

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…

owasp.org/www-project-benchmark/

License

GPL-2.0 license
703 stars 1.2k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OWASP-Benchmark/BenchmarkJava

1 Branch4 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

davewichersdavewichers
Merge pull request #318 from OWASP-Benchmark/dependabot/maven/com.h3x…
Apr 21, 2025
958b5bb · Apr 21, 2025

History

665 Commits
.github
.github
Nov 26, 2024
.mvn
.mvn
Jan 7, 2025
VMs
VMs
May 7, 2024
data
data
Sep 23, 2021
results/old
results/old
Feb 15, 2025
scorecard
scorecard
Apr 23, 2021
scripts
scripts
Feb 15, 2025
src
src
Mar 2, 2025
tools
tools
Jul 4, 2024
.gitattributes
.gitattributes
Apr 21, 2021
.gitignore
.gitignore
Jan 24, 2025
.keystore
.keystore
Nov 4, 2018
.travis.yml
.travis.yml
Aug 17, 2018
DevStyleHtml.prefs
DevStyleHtml.prefs
Apr 23, 2021
DevStyleXml.prefs
DevStyleXml.prefs
Mar 15, 2022
LICENSE
LICENSE
Apr 7, 2015
OWASP Benchmark.URL
OWASP Benchmark.URL
Apr 21, 2021
README.md
README.md
Mar 21, 2024
createAnonScorecards.sh
createAnonScorecards.sh
Sep 23, 2021
createScorecards.bat
createScorecards.bat
Apr 13, 2024
createScorecards.sh
createScorecards.sh
Apr 13, 2024
expectedresults-1.2.csv
expectedresults-1.2.csv
Jun 5, 2016
pom.xml
pom.xml
Apr 21, 2025
runBenchmark.bat
runBenchmark.bat
Jul 2, 2021
runBenchmark.sh
runBenchmark.sh
Jul 2, 2021
runCrawler.bat
runCrawler.bat
Sep 28, 2021
runCrawler.sh
runCrawler.sh
Sep 28, 2021
runRemoteAccessibleBenchmark.bat
runRemoteAccessibleBenchmark.bat
Apr 25, 2017
runRemoteAccessibleBenchmark.sh
runRemoteAccessibleBenchmark.sh
Jul 2, 2021

Repository files navigation

OWASP Benchmark

The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so its a fair test for any kind of application vulnerability detection tool. The Benchmark also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time.

The project documentation is all on the OWASP site at the OWASP Benchmark project pages. Please refer to that site for all the project details.

The current latest release is v1.2. Note that all the releases that are available here: https://github.com/OWASP/Benchmark/releases are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull).

About

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually expl…

owasp.org/www-project-benchmark/

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

703 stars

Watchers

52 watching

Forks

1.2k forks
Report repository

Releases 4

OWASP Benchmark v1.2beta (Final) Latest
Oct 1, 2016
+ 3 releases

Contributors 47

+ 33 contributors

Languages