This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Find Security Bugs"

From OWASP
Jump to: navigation, search
(Add sponsor)
Line 28: Line 28:
 
* '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started
 
* '''Coding new detectors or modifying exist ones'''. See [https://github.com/find-sec-bugs/find-sec-bugs/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 Good first issue] on Github to get started
 
* '''Reviewing the descriptions''' of the [https://find-sec-bugs.github.io/bugs.htm different vulnerabilities], [https://find-sec-bugs.github.io the website] or this page.  
 
* '''Reviewing the descriptions''' of the [https://find-sec-bugs.github.io/bugs.htm different vulnerabilities], [https://find-sec-bugs.github.io the website] or this page.  
+
 
 +
==Project Sponsors==
 +
 
 +
The project's development is support by [https://www.gosecure.net/ GoSecure] since 2016.
 +
 
 +
 
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  

Revision as of 18:51, 29 March 2019

OWASP Project Header.jpg

Description

Find Security Bugs is a SpotBugs plugin for security audits of Java web applications and Android applications. It can detect 128 different vulnerability types including Command Injection, XPath Injection, SQL/HQL Injection, XXE and Cryptography weaknesses. SpotBugs is a static analysis tool that targets Java but also works with Groovy, Scala and Kotlin projects.

Licensing

This software is released under LGPL.

Roadmap

Theses are the current priorities:

  • Release a new version every few months.
  • Improve the quality of the static analysis detectors
  • Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity.
  • Improving the documentation for new contributors.

Getting Involved

Involvement in the development and promotion of Find Security Bugs is actively encouraged!

You can contribute by :

Project Sponsors

The project's development is support by GoSecure since 2016.


Project Resources

Project Leader

Philippe Arteau

Related Projects

Classifications

Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png
LGPL License


Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Find_Security_Bugs&oldid=249455"