Automated code review: webgoat source code using the vcg sast tool


For this assignment, My task is to scan the WebGoat source code using the VCG SAST tool and verify the findings within the code. In particular, you will be be using VisualCodeGrepper, which is an open-source SAST tool running on Windows. It supports multiple programming languages(C++, C#, VB, PHP, Java, and PL/SQL).

. Prepare a simple report based on OWASP Findings Report Guide, and submit the report in a PDF format   There should be a section summarizing all the findings by:

  1. Risk level
  2. OWASP Top 10 Threats

To install VCG and run your scans, follow these instructions:

  1. Download WebGoat 8.0 from GitHub in a zip format.
  2. Extract the zip file into a directory.
  3. Download VCG from the project page.
  4. Install VCG on a Windows machine. Consider the system requirements on the project page.