OWASP WebGoat Benchmark Edition (WBE) v-1.1 released.

Changelog, WBE version 1.1:
– Each test case now carries a test name, category, real-vulnerability flag and CWE; categories: XSS, SQLi, Xpath Traversal, Cryptography, Hash, LDAPi, TrustBound.

The OWASP WebGoat Benchmark is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. The initial version is intended to support Static Analysis Security Testing (SAST) tools and Interactive Analysis Security Testing (IAST) tools. A future release will support Dynamic Analysis Security Testing (DAST) tools, like OWASP ZAP. The goal is that this test application is fully runnable and all the vulnerabilities are actually exploitable, so it's a fair test for any kind of vulnerability detection tool.

WBE Project Philosophy
Security tools (SAST, DAST, and IAST) are amazing when they find a complex vulnerability in your code. But they can drive everyone crazy with complexity, false alarms, and missed vulnerabilities. Using these tools without understanding their strengths and weaknesses can lead to a dangerous false sense of security.

The diagram below shows how we will evaluate security tools against the WBE.

This initial release of the WBE has 20,983 test cases. The test case areas and quantities for the April 15, 2015 release are:

Figure: TEST CASES for the OWASP WebGoat Benchmark (test case areas and quantities; image not reproduced here).

Tool Results:
+ FindBugs: FindBugs has detectors for the following kinds of security issues:
— Hardcoded Database Passwords
— HTTP Response Splitting
— Path Traversal
— SQL Injection
— XSS – Cross-Site Scripting
+ FindSecurityBugs: A very useful addition to FindBugs is the FindSecurityBugs plugin.
+ OWASP ZAP: The OWASP ZAP project lead is excited to have ZAP be scored against the WBE.
+ Other tools!

Download: webgoat-benchmark-master.zip (27.2 MB) | Clone URL | Our earlier post
Source: OWASP | https://www.owasp.org/index.php/Benchmark#tab=Tool_Results