This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Find Security Bugs"

From OWASP
Jump to: navigation, search
(Fix the right bar)
(Project about section is redundant.)
Line 33: Line 33:
 
* '''Reviewing the descriptions of the different vulnerabilities, the website or this page. '''
 
* '''Reviewing the descriptions of the different vulnerabilities, the website or this page. '''
 
</strong>
 
</strong>
 
 
==About==
 
 
{{:Template:Project About
 
  | project_name = Find Security Bugs
 
  | leader_name1 = [https://www.owasp.org/index.php/User:H3xstream Philippe Arteau]
 
  | project_description = Static Code Analyzer for Java applications
 
  | project_license = [http://www.gnu.org/licenses/lgpl.html LGPLv3]
 
  | pamphlet_link = https://find-sec-bugs.github.io/
 
  | current_release = [https://github.com/find-sec-bugs/find-sec-bugs/releases Visit the Github repository for the latest release]
 
}}
 
  
 
 

Revision as of 19:44, 20 March 2019

OWASP Project Header.jpg

Description

Find Security Bugs is a SpotBugs plugin for security audits of Java web applications and Android applications. It can detect 128 different vulnerability types including Command Injection, XPath Injection, SQL/HQL Injection, XXE and Cryptography weaknesses. SpotBugs is a static analysis tool that targets Java but also works with Groovy, Scala and Kotlin projects.

Licensing

This software is released under LGPL.

Roadmap

Theses are the current priorities:

  • Release a new version every few months.
  • Improve the quality of the static analysis detectors
  • Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity.
  • Improving the documentation for new contributors.

Getting Involved

Involvement in the development and promotion of Find Security Bugs is actively encouraged!

You can contribute by :

  • Suggesting idea for new detectors that are not already cover.
  • Coding new detectors or modifying exist ones. See Good first issue on Github to get started
  • Reviewing the descriptions of the different vulnerabilities, the website or this page.


Project Resources

Project Leader

Philippe Arteau

Related Projects

Classifications

Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png
LGPL License


Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Find_Security_Bugs&oldid=249069"