feat(lab5): ZAP baseline + auth + Semgrep + correlation#12

Merged
MikeNovikoff merged 1 commit into main from feature/lab5 on Jun 26, 2026
Conversation

@MikeNovikoff (Owner)

Goal

Submit Lab 5: SAST + DAST scanning of OWASP Juice Shop v20.0.0. Includes ZAP baseline + authenticated scans, Semgrep SAST analysis, and a cross-tool correlation report.


Changes

  • Added submissions/lab5.md with full lab report covering:
    • Task 1: ZAP baseline scan (4 alerts) + authenticated scan (52 alerts) with 13× ratio analysis
    • Task 2: Semgrep SAST severity breakdown + top-10 rules + triage shortcut + false-positive sample
    • Bonus: SAST/DAST correlation table with 3 confirmed cross-tool findings
    • Deep-dive on SQLi correlation: vulnerable code, working payload, and proposed fix

Testing

  • ZAP baseline scan completed against http://juice-shop:3000 via Docker container
  • Authenticated ZAP scan configured with default creds admin@juice-sh.op / admin123
  • Semgrep run against Juice Shop source pinned to v20.0.0 tag
  • Correlation verified by cross-referencing ZAP URI endpoints with Semgrep file paths

Artifacts

  • submissions/lab5.md — Lab 5 submission report

Checklist

  • Title is clear (feat(lab5): <topic>)
  • No secrets/large temp files committed
  • submissions/labN.md exists

Personal Notes

N/A
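Added example, not code from the lab submission or this PR: a small Python script that performs the cross-referencing described under Testing (ZAP alert URIs against Semgrep file paths) over constructed JSON excerpts. The field names follow the ZAP JSON report and `semgrep --json` layouts as assumed here, and the endpoint, file and rule values are made up for illustration.

```python
import json
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Constructed sample data shaped like the two tools' JSON reports (field names are
# an assumption about ZAP's -J report and `semgrep --json`, values are made up).
ZAP_JSON = json.loads('''{"site": [{"@name": "http://juice-shop:3000", "alerts": [
  {"name": "SQL Injection", "riskdesc": "High (Medium)",
   "instances": [{"uri": "http://juice-shop:3000/rest/products/search?q=apple", "method": "GET"}]},
  {"name": "X-Content-Type-Options Header Missing", "riskdesc": "Low (Medium)",
   "instances": [{"uri": "http://juice-shop:3000/", "method": "GET"}]}]}]}''')

SEMGREP_JSON = json.loads('''{"results": [
  {"check_id": "javascript.sequelize.security.audit.sequelize-raw-query",
   "path": "routes/search.ts", "start": {"line": 23}, "extra": {"severity": "ERROR"}},
  {"check_id": "javascript.lang.security.audit.path-traversal",
   "path": "routes/fileServer.ts", "start": {"line": 10}, "extra": {"severity": "WARNING"}}]}''')


def zap_endpoints(report):
    """Yield (alert_name, risk, url_path) for every instance of every ZAP alert."""
    for site in report["site"]:
        for alert in site["alerts"]:
            for inst in alert["instances"]:
                yield alert["name"], alert["riskdesc"], urlparse(inst["uri"]).path


def semgrep_findings(report):
    """Yield (rule_id, path, line, severity) for each Semgrep result."""
    for r in report["results"]:
        yield r["check_id"], r["path"], r["start"]["line"], r["extra"]["severity"]


def correlate(zap, semgrep):
    """Heuristic (assumed, not the lab's exact method): a DAST alert and a SAST finding
    correlate when the last non-empty URL path segment equals the source file's stem
    (e.g. /rest/products/search -> routes/search.ts)."""
    sast_by_stem = {}
    for rule, path, line, sev in semgrep_findings(semgrep):
        sast_by_stem.setdefault(PurePosixPath(path).stem, []).append((rule, path, line, sev))
    matches = []
    for name, risk, url_path in zap_endpoints(zap):
        segments = [s for s in url_path.split("/") if s]
        if not segments:  # site root has no segment to match on
            continue
        for rule, path, line, sev in sast_by_stem.get(segments[-1], []):
            matches.append({"zap_alert": name, "zap_risk": risk, "uri": url_path,
                            "semgrep_rule": rule, "file": path, "line": line, "severity": sev})
    return matches


if __name__ == "__main__":
    for m in correlate(ZAP_JSON, SEMGREP_JSON):
        print(f"{m['zap_alert']} @ {m['uri']}  <->  {m['file']}:{m['line']} ({m['semgrep_rule']})")
```

Matching on a single path segment is deliberately loose; each hit still needs the manual confirmation step the report describes before it counts as a confirmed cross-tool finding.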

@MikeNovikoff MikeNovikoff merged commit 7f43b69 into main Jun 26, 2026
1 check passed