For this assignment, My task is to scan the WebGoat source code using the VCG SAST tool and verify the findings within the code. In particular, you will be be using VisualCodeGrepper, which is an open-source SAST tool running on Windows. It supports multiple programming languages(C++, C#, VB, PHP, Java, and PL/SQL).
. Prepare a simple report based on OWASP Findings Report Guide, and submit the report in a PDF format There should be a section summarizing all the findings by:
- Risk level
- OWASP Top 10 Threats
To install VCG and run your scans, follow these instructions: