This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Find Security Bugs"
From OWASP
(First draft) |
(Roadmap link addition and typo fix) (Tag: Visual edit) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
| − | | valign="top" | + | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | |
==Description== | ==Description== | ||
| Line 15: | Line 15: | ||
Theses are the current priorities: | Theses are the current priorities: | ||
| − | |||
* Release a new version every few months. | * Release a new version every few months. | ||
* Improve the quality of the static analysis detectors | * Improve the quality of the static analysis detectors | ||
* Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity. | * Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity. | ||
* Improving the documentation for new contributors. | * Improving the documentation for new contributors. | ||
| − | + | ||
| + | The complete roadmap is kept up to date on GitHub in [https://github.com/find-sec-bugs/find-sec-bugs/milestones the milestones section]. | ||
==Getting Involved== | ==Getting Involved== | ||
| Line 27: | Line 27: | ||
You can contribute by : | You can contribute by : | ||
| − | + | * '''Suggesting ideas''' for new detectors that are not already covered. | |
| − | |||
| − | * ''' | ||
* '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started | * '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started | ||
| − | * '''Reviewing the descriptions of the different vulnerabilities or this page | + | * '''Reviewing the descriptions''' of the [https://find-sec-bugs.github.io/bugs.htm different vulnerabilities], [https://find-sec-bugs.github.io the website] or this page. |
| − | |||
| − | == Project | + | ==Project Sponsors== |
| − | [https:// | + | The project's development is supported by [https://www.gosecure.net/ GoSecure] since 2016. |
| − | + | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | |
| − | + | == Project Resources == | |
| + | * [https://find-sec-bugs.github.io/ Website] | ||
| + | * [https://github.com/find-sec-bugs/find-sec-bugs/ GitHub page] | ||
| + | * [https://github.com/find-sec-bugs/find-sec-bugs/releases/ Release notes] | ||
== Project Leader == | == Project Leader == | ||
| Line 55: | Line 55: | ||
{| width="200" cellpadding="2" | {| width="200" cellpadding="2" | ||
|- | |- | ||
| − | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]] |
|- | |- | ||
| − | | align="center" valign="top" width="50% | + | | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]] |
| − | | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] | + | | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] |
|- | |- | ||
| − | | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]] | + | | align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]] |
|- | |- | ||
| − | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:LGPLv3_Logo.png|190px|link=https://www.gnu.org/copyleft/lesser.html|LGPL License]] |
|} | |} | ||
|} | |} | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
| − | [[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]] | + | [[Category:OWASP Project]] |
| + | [[Category:OWASP_Builders]] | ||
| + | [[Category:OWASP_Defenders]] | ||
| + | [[Category:OWASP_Code]] | ||
Latest revision as of 18:50, 26 September 2019
DescriptionFind Security Bugs is a SpotBugs plugin for security audits of Java web applications and Android applications. It can detect 128 different vulnerability types including Command Injection, XPath Injection, SQL/HQL Injection, XXE and Cryptography weaknesses. SpotBugs is a static analysis tool that targets Java but also works with Groovy, Scala and Kotlin projects. LicensingThis software is released under LGPL. RoadmapTheses are the current priorities:
The complete roadmap is kept up to date on GitHub in the milestones section. Getting InvolvedInvolvement in the development and promotion of Find Security Bugs is actively encouraged! You can contribute by :
Project SponsorsThe project's development is supported by GoSecure since 2016. |
Project ResourcesProject LeaderRelated ProjectsClassifications
| |||||||
