This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Find Security Bugs"

From OWASP
Jump to: navigation, search
(First draft)
(Fix the right bar)
Line 29: Line 29:
  
 
<strong>
 
<strong>
* '''suggesting idea''' for new detectors that are not already cover.
+
* '''Suggesting idea''' for new detectors that are not already cover.
 
* '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started
 
* '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started
* '''Reviewing the descriptions of the different vulnerabilities or this page '''
+
* '''Reviewing the descriptions of the different vulnerabilities, the website or this page. '''
 
</strong>
 
</strong>
  
== Project Resources ==
 
  
[https://find-sec-bugs.github.io/ Website]
+
==About==
 +
 
 +
{{:Template:Project About
 +
  | project_name = Find Security Bugs
 +
  | leader_name1 = [https://www.owasp.org/index.php/User:H3xstream Philippe Arteau]
 +
  | project_description = Static Code Analyzer for Java applications
 +
  | project_license = [http://www.gnu.org/licenses/lgpl.html LGPLv3]
 +
  | pamphlet_link = https://find-sec-bugs.github.io/
 +
  | current_release = [https://github.com/find-sec-bugs/find-sec-bugs/releases Visit the Github repository for the latest release]
 +
}}
  
[https://github.com/find-sec-bugs/find-sec-bugs/ GitHub page]
+
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  
[https://github.com/find-sec-bugs/find-sec-bugs/releases/ Release notes]
+
== Project Resources ==
  
 +
* [https://find-sec-bugs.github.io/ Website]
 +
* [https://github.com/find-sec-bugs/find-sec-bugs/ GitHub page]
 +
* [https://github.com/find-sec-bugs/find-sec-bugs/releases/ Release notes]
  
 
== Project Leader ==
 
== Project Leader ==
Line 67: Line 79:
  
  
==Project About==
 
 
{{:Template:Project About
 
  | project_name = Find Security Bugs
 
  | leader_name1 = [https://www.owasp.org/index.php/User:H3xstream Philippe Arteau]
 
  | project_description = Static Code Analyzer for Java applications
 
  | project_license = [http://www.gnu.org/licenses/lgpl.html LGPLv3]
 
  | pamphlet_link = https://find-sec-bugs.github.io/
 
  | current_release = [https://github.com/find-sec-bugs/find-sec-bugs/releases Visit the Github repository for the latest release]
 
}}
 
  
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
  
 
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Code]]
 
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Code]]

Revision as of 19:41, 20 March 2019

OWASP Project Header.jpg

Description

Find Security Bugs is a SpotBugs plugin for security audits of Java web applications and Android applications. It can detect 128 different vulnerability types including Command Injection, XPath Injection, SQL/HQL Injection, XXE and Cryptography weaknesses. SpotBugs is a static analysis tool that targets Java but also works with Groovy, Scala and Kotlin projects.

Licensing

This software is released under LGPL.

Roadmap

Theses are the current priorities:

  • Release a new version every few months.
  • Improve the quality of the static analysis detectors
  • Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity.
  • Improving the documentation for new contributors.

Getting Involved

Involvement in the development and promotion of Find Security Bugs is actively encouraged!

You can contribute by :

  • Suggesting idea for new detectors that are not already cover.
  • Coding new detectors or modifying exist ones. See Good first issue on Github to get started
  • Reviewing the descriptions of the different vulnerabilities, the website or this page.


About

PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: Find Security Bugs
Purpose: Static Code Analyzer for Java applications
License: LGPLv3
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: View
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases


Project Resources

Project Leader

Philippe Arteau

Related Projects

Classifications

Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png
LGPL License


Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Find_Security_Bugs&oldid=249068"