Lab 05 Solution#6

Open

ph1larmon1a wants to merge 1 commit intomainfrom

Owner

ph1larmon1a commented Oct 10, 2025

Goal

Add lab 5 submission materials for SAST and DAST analysis using Semgrep, ZAP, Nuclei, Nikto, and SQLmap.

Changes

Added labs/submission5.md documenting all security scanning tasks (SAST/DAST).
Included summarized findings, tool comparisons, and integrated security recommendations.
Recorded results for Semgrep (25 findings), ZAP (0), Nuclei (3), Nikto (14), and SQLmap (confirmed SQLi).
Updated report sections concisely for submission.

Testing

Ran Semgrep with OWASP and security-audit rules to verify static analysis output.
Deployed OWASP Juice Shop in Docker and executed ZAP, Nuclei, Nikto, and SQLmap scans.
Verified JSON and text outputs were correctly saved to respective labs/lab5/* directories.
Cross-checked all counts in analysis/dast-analysis.txt and analysis/sast-analysis.txt.
Confirmed final markdown report renders correctly and aligns with submission requirements.

Artifacts & Screenshots

OWASP zap
- labs/lab5/zap/*
Nuclei
- labs/lab5/nuclei/*
Nikto
- labs/lab5/nikto/*
Semgrep
- labs/lab5/semgrep/*
SQLmap
- labs/lab5/sqlmap/*
Analysis & Comparison
- labs/lab5/analysis/correlation.txt
- labs/lab5/analysis/dast-analysis.txt
- labs/lab5/analysis/sast-analysis.txt
Write-up
- labs/submission5.md (final report)

Checklist

PR has a clear and descriptive title
Documentation updated if needed
No secrets or large temporary files committed
Task 1 done — SAST Analysis with Semgrep
Task 2 done — DAST Analysis (~~ZAP~~ + Nuclei + Nikto + SQLmap)
Task 3 done — SAST/DAST Correlation


          docs: add lab5 submission - SAST/multi-approach DAST security analysis

55335c3

ph1larmon1a mentioned this pull request

Lab 05 Solution - Aleksei Fominykh inno-devops-labs/DevSecOps-Intro#110

Closed

6 tasks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet