LAPSE: Web Application Security Scanner for Java

Links

Application Security

• OWASP

• Web Application Security Consortium

• Secure Coding: Principles & Practices

Relevant Research

LAPSE has been developed at Stanford University as part of the Griffin application security project. The goal of the Griffin Software Security Project is to improve the security of Web applications through static and dynamic analysis.

Lightweight code scanning tools for security

• Rats

• pscan

• FlawFinder

• Splint

Benchmarking Efforts

• Our very own Stanford SecuriBench.

• Our very own Stanford SecuriBench Micro.

• MIT Lincoln lab benchmarks

• NIST SRD benchmark

• Fortify Software benchmarks

• Foundstone's Hackme Books.

• OWASP's WebGoat, which is included as part of SecuriBench.