You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The OWASP WebGoat Benchmark is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. The initial version is intended to support Static Analysis Security Testing Tools (SAST) and Interactive Analysis Security Testing Tools (IAST). A future release will support Dynamic Analysis Security Testing Tools (DAST), like OWASP ZAP. The goal is that this test application is fully runnable and all the vulnerabilities are actually exploitable so its a fair test for any kind of vulnerability detection tool.
The OWASP WebGoat Benchmark Edition (WBE) is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. The initial version is intended to support Static Analysis Security Testing Tools (SAST) and Interactive Analysis Security Testing Tools (IAST). A future release will support Dynamic Analysis Security Testing Tools (DAST), like <ahref="https://www.owasp.org/index.php/ZAP">OWASP ZAP</a>. The goal is that this test application is fully runnable and all the vulnerabilities are actually exploitable so its a fair test for any kind of application vulnerability detection tool.
The project documentation is all on the OWASP site at the <ahref="https://www.owasp.org/index.php/Benchmark">OWASP WebGoat Benchmark Edition</a> project pages. Please refer to that site for all the project details.
