Juice-shop

Published on
June 6, 2026
Crawling Isn't Attacking: A Live-Fire DAST Benchmark
dast dynamic-analysis klue benchmark juice-shop owasp-zap burp-suite acunetix appsec autonomous-security ai-pentesting
We pointed OWASP ZAP, Burp Suite, Acunetix, and our own KLUE at the same live, deliberately-broken web app. Three of them crawled it and reported headers. One forged an admin token, dumped every user, and reset the admin password, all from two requests, unauthenticated. A field report on what dynamic scanners can and cannot reach.
Published on
May 16, 2026
Four SAST Tools, One Broken App, and the AI That Hit Zero False Positives
sast static-analysis klue benchmark juice-shop semgrep sonarqube snyk-code appsec autonomous-security ai-pentesting
A SAST benchmark on OWASP Juice Shop pitting Semgrep, SonarQube, and Snyk Code against KLUE, our autonomous source code analysis platform. The story is in the precision column, and in the vulnerability classes that have no pattern to match at all.

Crawling Isn't Attacking: A Live-Fire DAST Benchmark