Skip to content

BenchmarkJava

The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like ZAP), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so its a fair test for any kind of application vulnerability detection tool. The Benchmark also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time.

Type: File

Supported version: Latest

Legal Notice

  • License: GPL-2.0 (Copyleft)

Disclaimer

This project provides wrappers and scripts to integrate with BenchmarkJava, but does not include the tool itself. Therefore, you are responsible for reviewing and complying with the product's license and terms of use.

Requirements

  • An internet connection is required only to download the dataset.

Dataset content

  • src/main/java/org/owasp/benchmark/testcode/*
  • expectedresults-1.2.csv

Downloaded from OWASP-Benchmark/BenchmarkJava.