Automated Code Review: WebGoat Source Code Using The VCG SAST Tool And Verify The Findings Within The Code

Question # 00797791 Posted By: 235 Updated on: 03/11/2021 09:50 AM Due on: 03/22/2021
Subject Computer Science Topic General Computer Science Tutorials:
Question

For this assignment, my task is to scan the WebGoat source code using the VCG SAST tool and verify the findings within the code. In particular, you will be using VisualCodeGrepper, which is an open-source SAST tool running on Windows. It supports multiple programming languages (C++, C#, VB, PHP, Java, and PL/SQL).

Prepare a simple report based on the OWASP Findings Report Guide, and submit the report in PDF format. There should be a section summarizing all the findings by:

  1. Risk level
  2. OWASP Top 10 Threats

To install VCG and run your scans, follow these instructions:

  1. Download WebGoat 8.0 from GitHub in a zip format.
  2. Extract the zip file into a directory.
  3. Download VCG from the project page.
  4. Install VCG on a Windows machine. Consider the system requirements on the project page.