[Owasp-egypt] FW: [Owasp-leaders] Awesome free repository of vulnerable code examples!

Omar Sherin omar.sherin at owasp.org
Sat Apr 2 05:24:09 EDT 2011


Kindly find below a good reference for vulnerable code examples and test
cases compiled by the American National Institute for Standards (NIST) , in
a US government project.


Omar Sherin


From:  Jeff Williams <jeff.williams at owasp.org>
Reply-To:  "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
Date:  Wed, 30 Mar 2011 12:30:33 -0700
To:  "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
Subject:  [Owasp-leaders] Awesome free repository of vulnerable code

I¹ve been working with some government types on static analysis and
convinced them to release their suite of test cases in the public domain.
This is a huge collection of test cases covering a fair swath of CWE¹s.
Java                      106 CWE¹s           13782 test cases
C/C++                   116 CWE¹s           45309 test cases
They don¹t want any attribution for their work and they agreed to put all of
this work into the public domain.   You can download the test cases at
I¹m optimistic that we can use this to create even better tools and
analysis.  I¹d like to see a real SiteGenerator where we can specify the
parameters for the selection and vdensity of vulnerabilities in the
application.  We can also use to build great learning tools, vulnerability
detectors, or even as certification type questions.
Let¹s make something great!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-egypt/attachments/20110402/18a8b53c/attachment.html 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001..txt
Url: https://lists.owasp.org/pipermail/owasp-egypt/attachments/20110402/18a8b53c/attachment.txt 

More information about the Owasp-egypt mailing list