Difference between revisions of "OWASP Find Security Bugs"
From OWASP
(Project about section is redundant.)
Line 15: | Line 15: | ||
Theses are the current priorities: | Theses are the current priorities: | ||
− | |||
* Release a new version every few months. | * Release a new version every few months. | ||
* Improve the quality of the static analysis detectors | * Improve the quality of the static analysis detectors | ||
* Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity. | * Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity. | ||
* Improving the documentation for new contributors. | * Improving the documentation for new contributors. | ||
− | |||
==Getting Involved== | ==Getting Involved== | ||
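Review bot: the context line "Theses are the current priorities:" still has "Theses" where "These" is meant, and the roadmap bullets mix imperatives ("Release", "Improve", "Continue") with a gerund ("Improving the documentation for new contributors"). This revision only strips blank lines around the list; since it is already tidying the section, correct the typo and make the last bullet read "Improve the documentation for new contributors." in the same edit. "finding new vulnerabilities ideas" would also read better as "finding new vulnerability ideas".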
Line 27: | Line 25: | ||
You can contribute by : | You can contribute by : | ||
− | |||
− | |||
* '''Suggesting idea''' for new detectors that are not already cover. | * '''Suggesting idea''' for new detectors that are not already cover. | ||
* '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started | * '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started | ||
− | * '''Reviewing the descriptions of the different vulnerabilities, the website or this page. | + | * '''Reviewing the descriptions''' of the [https://find-sec-bugs.github.io/bugs.htm different vulnerabilities], [https://find-sec-bugs.github.io the website] or this page. |
− | |||
− | |||
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | |
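Review bot: the two bullets kept as context above the changed line still need copy-editing. "Suggesting idea for new detectors that are not already cover" should read "Suggesting ideas for new detectors that are not already covered", "modifying exist ones" should be "modifying existing ones", and "Github" should be "GitHub". The second bullet also ends without a full stop, unlike the other two. The changed bullet itself is an improvement, since it closes the bold markup that the old line left open after "Reviewing the descriptions" and adds the two links.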
Revision as of 20:01, 20 March 2019
==Description==
Find Security Bugs is a SpotBugs plugin for security audits of Java web applications and Android applications. It can detect 128 different vulnerability types including Command Injection, XPath Injection, SQL/HQL Injection, XXE and Cryptography weaknesses. SpotBugs is a static analysis tool that targets Java but also works with Groovy, Scala and Kotlin projects.

==Licensing==
This software is released under LGPL.

==Roadmap==
These are the current priorities:

==Getting Involved==
Involvement in the development and promotion of Find Security Bugs is actively encouraged! You can contribute by: