We are happy to announce that version 1.08 of Securibench Micro has been released. Unlike Securibench, which contains large, real-life applications, Securibench Micro is a series of small test cases designed to excercise different parts of a static security analyzer. Each test case in Securibench Micro comes with an answer, which simplifies the comparison process.
All test cases included in this release can be installed on a standard application server such as Tomcat. So, in addition to using test cases contained in Securibench Micro to put a static analyser thorough its paces, Securibench Micro may be used to compare the effectiveness of runtime techniques such as penetration testing tools. These test cases suffer from a variety of vulnerabilities including
- SQL injection attacks
- Cross-site scripting attacks
- HTTP splitting attacks
- Path traversal attacks and potentially many others.
After years of being hosted at Stanford, we're now moving to Github.