docs(lab5): add lab5 submission - SAST/multi-approach DAST security analysis#461
Open
3llimi wants to merge 20 commits into inno-devops-labs:main from
Create pull_request_template.md
docs(lab1): OWASP Juice Shop deployment and security triage
docs(lab2): complete lab2 threat modeling with Threagile analysis
feat: Lab 3 — SSH commit signing and pre-commit secret scanning
docs: Lab4 submission - SBOM generation and SCA comparison
Goal
Complete Lab 5 — SAST & DAST security analysis of OWASP Juice Shop v19.0.0.
Performed static analysis with Semgrep and dynamic analysis with ZAP, Nuclei, Nikto, and SQLmap.
Correlated findings across all tools to produce a comprehensive security assessment.
Changes
- labs/submission5.md — full lab report covering SAST, DAST, and correlation analysis
- labs/lab5/semgrep/semgrep-results.json — Semgrep JSON output (25 findings)
- labs/lab5/semgrep/semgrep-report.txt — Semgrep human-readable report
- labs/lab5/zap/report-noauth.html — ZAP unauthenticated baseline scan report
- labs/lab5/report-auth.html — ZAP authenticated scan report (2 High, 8 Medium, 8 Low)
- labs/lab5/scripts/zap-auth.yaml — ZAP Automation Framework config with admin credentials
- labs/lab5/nuclei/nuclei-results.json — Nuclei scan output (25 matches)
- labs/lab5/nikto/nikto-results.txt — Nikto scan output (82 findings)
- labs/lab5/sqlmap/ — SQLmap output confirming SQLi on search endpoint
Testing
- /metrics endpoint
- /ftp/ exposure
- /rest/products/search?q=* with working payload in 40 requests
- SQLmap payload `') AND 3692=3692 AND ('DEov' LIKE 'DEov` on search endpoint
Artifacts & Screenshots
- labs/lab5/report-auth.html — Full ZAP authenticated scan report (open in browser)
- labs/lab5/semgrep/semgrep-results.json — Machine-readable SAST findings
- labs/lab5/nuclei/nuclei-results.json — Nuclei template matches
- labs/lab5/nikto/nikto-results.txt — Nikto server scan output
Checklist