OWASP-Benchmark/BenchmarkJava

How to download the dataset

heewonB opened this issue · 2 comments

Hi.
I am conducting research to detect crypto misuse. I want to use OWASP's Weak Encryption Algorithm category as the dataset, and I successfully connected to https://localhost:8443/benchmark/ by following the instructions on the homepage. There are a lot of BenchmarkTestxxxxx.java files, but when I click on them, an answer box appears, so I'm not sure how to download the data. Could you please explain in detail?
Thanks for your help :)

The application is a deliberately vulnerable application used to test how good tools are at finding vulnerabilities while avoiding false positives. The application itself doesn't provide any data directly. It is a passive application you attack to find vulnerabilities, or scan its code to find vulnerabilities. The expected results .csv file indicates which test cases are true or false positives and their CWE categories, but nowhere are the vulnerabilities explained. You have to figure that out yourself, or the tool you are using is supposed to figure that out.
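Added example, not part of the thread or the project's own code: one way to use the expected results file as ground truth for a single category, by selecting its test cases and scoring a tool's findings against them. The column layout (test name, category, real vulnerability, CWE), the category names, the use of CWE 327 for weak encryption, and all sample rows and tool findings are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample rows; the column layout (test name, category,
# real vulnerability, CWE) is an assumption about the expected results file.
SAMPLE_EXPECTED = """\
# test name, category, real vulnerability, cwe
BenchmarkTest00001,crypto,true,327
BenchmarkTest00002,crypto,false,327
BenchmarkTest00003,hash,true,328
BenchmarkTest00004,crypto,true,327
BenchmarkTest00005,crypto,false,327
"""


def load_expected(text, cwe):
    """Return {test_name: is_real_vulnerability} for one CWE."""
    expected = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 4 or row[0].lstrip().startswith("#"):
            continue  # skip blank, short, and comment/header lines
        name, _category, real, row_cwe = (c.strip() for c in row[:4])
        if int(row_cwe) == cwe:
            expected[name] = real.lower() == "true"
    return expected


def score(expected, flagged):
    """Compare the test cases a tool flagged with the expected results."""
    tp = sum(1 for n, real in expected.items() if real and n in flagged)
    fp = sum(1 for n, real in expected.items() if not real and n in flagged)
    positives = sum(expected.values())
    negatives = len(expected) - positives
    return {
        "tp": tp, "fn": positives - tp, "fp": fp, "tn": negatives - fp,
        # True/false positive rates; 0.0 when the category has no such cases.
        "tpr": tp / positives if positives else 0.0,
        "fpr": fp / negatives if negatives else 0.0,
    }


if __name__ == "__main__":
    crypto = load_expected(SAMPLE_EXPECTED, cwe=327)
    # Constructed tool output: test cases a hypothetical scanner reported.
    flagged = {"BenchmarkTest00001", "BenchmarkTest00002", "BenchmarkTest00003"}
    print(sorted(crypto))          # test case names to pull from the source tree
    print(score(crypto, flagged))  # findings outside the category are ignored
```

The names returned by `load_expected` correspond to the BenchmarkTestxxxxx.java files, so the same selection identifies which source files make up the category's labelled set.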