Securibench Micro is a collection of small test cases designed to evaluate static security analyzers and runtime security testing tools. The tool provides a series of vulnerable web applications that can be deployed on standard application servers like Tomcat. Each test case includes a known answer, enabling straightforward comparison and validation of security analysis results. The test cases contain various security vulnerabilities including: - SQL injection attacks - Cross-site scripting (XSS) attacks - HTTP splitting attacks - Path traversal attacks - Additional common web application vulnerabilities Originally developed and hosted at Stanford University, the project has transitioned to GitHub for continued development and community access. The tool serves as a benchmark for comparing the effectiveness of different security testing approaches, including both static analysis tools and dynamic penetration testing techniques.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.