Klagarge/MSE-CyberSec-DevSecOps
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Files
a718be6da877087673c42586a14aaab307be0cbe
MSE-CyberSec-DevSecOps/docs/questions-part3.md
Michael Mäder ab278cc9b3 questions3 and some practical misc stuff
2025-03-26 18:34:30 +00:00

1.3 KiB
Raw Blame History

Questions

Part 3

  • Q3.1: Setup your CI/CD pipeline with an additional SAST solution. I propose that you use semgrep for this task. Get your inspiration here: https://semgrep.dev/for/gitlab and https://docs.gitlab.com/ee/user/application_security/sast/
  • Q3.2: Describe the found problems (alerts) in the calculator app (in the original code, git tag v3.0)
  • Q3.3: Install DAST OWASP ZAP on your host or in a Docker. Play with OWASP ZAP, analyze the calculator code
  • Q3.4: Implement a DAST solution in your pipeline. Get some inspiration here https://docs.gitlab.com/ee/user/application_security/dast/ . Describe what you have integrated in your pipeline. Note: you must ensure that your application is running while you are testing!
  • Q3.5 (optional): Normally, the provided code has some bugs, which are discovered by SAST solution. Describe the found bugs (in the original code, git tag v3.0) and provide solution to remediate the problems. Indicate which commit/tag contains the corrected code
  • Q3.6 (optional): Describe the found bugs (in the original code, git tag v3.0) with DAST and provide solution to remediate the problems. Indicate which commit/tag contains the corrected code. Do corrections only in the provided code (no libraries)