# BenchmarkJava

**Repository Path**: howtoshow/BenchmarkJava

## Basic Information

- **Project Name**: BenchmarkJava
- **Description**: OWASP Benchmark Project 是一个 Java 测试套件，旨在验证漏洞检测工具的速度和准确性。它是一个完全可运行的开源 Web 应用程序，可以通过任何类型的应用程序安全测试 (AST) 工具进行分析，包括 SAST、DAST（如OWASP ZAP）和 IAST 工具。所有有意包含在基准测试中并由其评分的漏洞实际上都是可利用的，因此它是对任何类型的应用程序漏洞检测工具的公平。
- **Primary Language**: Java
- **License**: GPL-2.0
- **Default Branch**: master
- **Homepage**: https://owasp.org/www-project-benchmark/
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 2
- **Created**: 2023-04-04
- **Last Updated**: 2023-04-04

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# OWASP Benchmark
The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. It is a fully runnable open source web application that can be analyzed by any type of Application Security Testing (AST) tool, including SAST, DAST (like <a href="https://owasp.org/www-project-zap">OWASP ZAP</a>), and IAST tools. The intent is that all the vulnerabilities deliberately included in and scored by the Benchmark are actually exploitable so its a fair test for any kind of application vulnerability detection tool. The Benchmark also includes scorecard generators for numerous open source and commercial AST tools, and the set of supported tools is growing all the time.

The project documentation is all on the OWASP site at the <a href="https://owasp.org/www-project-benchmark">OWASP Benchmark</a> project pages. Please refer to that site for all the project details.

The current latest release is v1.2. Note that all the releases that are available here: https://github.com/OWASP/Benchmark/releases are historical. The latest release is always available live by simply cloning or pulling the head of this repository (i.e., git pull).