OWASP Benchmark

Hdiv Detection (IAST)

What is the OWASP Benchmark?

The OWASP Benchmark for Security Automation (OWASP Benchmark) is a free and open test suite designed to evaluate the speed, coverage, and accuracy of automated software vulnerability detection tools and services (henceforth simply referred to as 'tools'). Without the ability to measure these tools, it is difficult to understand their strengths and weaknesses, and compare them to each other. Each version of the OWASP Benchmark contains thousands of test cases that are fully runnable and exploitable, each of which maps to the appropriate CWE number for that vulnerability.

You can use the OWASP Benchmark with Static Application Security Testing (SAST) tools, Dynamic Application Security Testing (DAST) tools like OWASP ZAP, and Interactive Application Security Testing (IAST) tools. The current version of the Benchmark is implemented in Java. Future versions may expand to include other languages.

The Hdiv results

Hdiv Detection (IAST) scores 100% on the OWASP Benchmark with 0 false positives.

These are the details corresponding to the points in the graph:

| Category | CWE # | TP | FN | TN | FP | Total | TPR | FPR | Score |
|---|---|---|---|---|---|---|---|---|---|
| Command Injection | 78 | 126 | 0 | 125 | 0 | 251 | 100,00% | 0,00% | 100,00% |
| Cross-Site Scripting | 79 | 246 | 0 | 209 | 0 | 455 | 100,00% | 0,00% | 100,00% |
| Insecure Cookie | 614 | 36 | 0 | 31 | 0 | 67 | 100,00% | 0,00% | 100,00% |
| LDAP Injection | 90 | 27 | 0 | 32 | 0 | 59 | 100,00% | 0,00% | 100,00% |
| Path Traversal | 22 | 133 | 0 | 135 | 0 | 268 | 100,00% | 0,00% | 100,00% |
| SQL Injection | 89 | 272 | 0 | 232 | 0 | 504 | 100,00% | 0,00% | 100,00% |
| Trust Boundary Violation | 501 | 83 | 0 | 43 | 0 | 126 | 100,00% | 0,00% | 100,00% |
| Weak Encryption Algorithm | 327 | 130 | 0 | 116 | 0 | 246 | 100,00% | 0,00% | 100,00% |
| Weak Hash Algorithm | 328 | 129 | 0 | 107 | 0 | 236 | 100,00% | 0,00% | 100,00% |
| Weak Random Number | 330 | 218 | 0 | 275 | 0 | 493 | 100,00% | 0,00% | 100,00% |
| XPath Injection | 643 | 15 | 0 | 20 | 0 | 35 | 100,00% | 0,00% | 100,00% |
| Totals | | 1415 | 0 | 1325 | 0 | 2740 | | | |
| Overall Results | | | | | | | 100,00% | 0,00% | 100,00% |

I want to see it for myself