ZAP vs OWASP Benchmark

OWASP Benchmark is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools.

You can find the home page for the project at https://owasp.org/www-project-benchmark/ and the source code at https://github.com/OWASP-Benchmark/BenchmarkJava.

Click on the Sections to see the full set of results, which include the path of the test in the application and the scan rule which should find the vulnerability.

Section Total Tests Passes Fails Score
Command Injection
251 224 27 89%
Config Details
Frequency Daily
Scripts https://github.com/zapbot/zap-mgmt-scripts/blob/master/scans/benchmark/
Action https://github.com/zapbot/zap-mgmt-scripts/actions/workflows/zap-vs-owasp-benchmark.yml