Lab5 submission: Basanov Maxim

[scruffyscarf]

Goal

Perform Static Application Security Testing (SAST) using Semgrep and Dynamic Application Security Testing (DAST) using multiple tools (ZAP, Nuclei, Nikto, SQLmap) against OWASP Juice Shop to identify security vulnerabilities and compare tool effectiveness.

Changes

• Added labs/lab5/analysis/correlation.txt
• Added labs/lab5/analysis/dast-analysis.txt
• Added labs/lab5/analysis/sast-analysis.txt
• Added labs/lab5/nikto/nikto-results.txt
• Added labs/lab5/nuclei/nuclei-results.json
• Added labs/lab5/semgrep/juice-shop
• Added labs/lab5/semgrep/semgrep-report.txt
• Added labs/lab5/semgrep/semgrep-results.json
• Added labs/lab5/sqlmap/localhost/log
• Added labs/lab5/sqlmap/localhost/session.sqlite
• Added labs/lab5/sqlmap/localhost/target.txt
• Added labs/lab5/sqlmap/results-09292025_0215pm.csv
• Added labs/lab5/zap/zap-report.json
• Added labs/submission5.md

Testing

No testing

Artifacts & Screenshots

labs/lab5
├── analysis
│   ├── correlation.txt
│   ├── dast-analysis.txt
│   └── sast-analysis.txt
├── nikto
│   └── nikto-results.txt
├── nuclei
│   └── nuclei-results.json
├── semgrep
│   ├── juice-shop
│   ├── semgrep-report.txt
│   └── semgrep-results.json
├── sqlmap
│   ├── localhost
│   │   ├── log
│   │   ├── session.sqlite
│   │   └── target.txt
│   └── results-09292025_0215pm.csv
└── zap
    └── zap-report.json

Checklist

• Task 1 done — SAST Analysis with Semgrep
• Task 2 done — DAST Analysis (ZAP + Nuclei + Nikto + SQLmap)
• Task 3 done — SAST/DAST Correlation
• PR has a clear and descriptive title
• Documentation has been updated if necessary
• No sensitive data or large temporary files have been committed