Automated Code Review: WebGoat source code using the VCG SAST tool and verify the findings within the code.

For this assignment, My task is to scan the WebGoat source code using the VCG SAST tool and verify the findings within the code. In particular, you will be be using VisualCodeGrepper, which is an open-source SAST tool running on Windows. It supports multiple programming languages(C++, C#, VB, PHP, Java, and PL/SQL).

. Prepare a simple report based on OWASP Findings Report Guide, and submit the report in a PDF format There should be a section summarizing all the findings by:

Risk level
OWASP Top 10 Threats

To install VCG and run your scans, follow these instructions:

Download WebGoat 8.0 from GitHub in a zip format.
Extract the zip file into a directory.
Download VCG from the project page.
Install VCG on a Windows machine. Consider the system requirements on the project page.

College Homework Aid

Automated Code Review: WebGoat source code using the VCG SAST tool and verify the findings within the code.

Join Our Community

subscribe to our newsletter

College Homework Aid

quick links

let's talk

Disclaimer