Prompt

To begin, open the code base in Eclipse. Refer to the Uploading Files to Eclipse Desktop Version Tutorial for testing the code base in Eclipse. Then integrate the Maven Dependency Check plug-in for the code base.

Please note: “Integrating the Static Testing Tool” was a non-graded task that you should have completed in the previous module, so you may have already completed these steps.

Follow the instructions in the Integrating the Maven Dependency Check Plug-in Tutorial to learn how to integrate and run the dependency check plug-in into Maven for conducting static testing. Use the instructions in the tutorial to identify the software security vulnerabilities. Specifically, address the following in a Static Testing Summary:

    • Run the dependency check on the code base. Include a screenshot of the HTML report in your Static Testing Summary. Be sure the screenshot includes the scan information at the top of the dependency check report.
    • In addition to showing that the dependency check ran effectively, document the results from the dependency check. Be sure to identify the codes and descriptions of the dependencies found by including these details for each dependency in your Static Testing Summary.
    • Interpret the results to identify widely accepted solutions for addressing dependencies in the code base. Summarize your findings in your Static Testing Summary. You can refer to industry standard guidelines such as the Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD). Consider why false positives should be filtered from the dependency check tool and discuss in your Static Testing Summary.
Answered 1 days After Jul 04, 2022

Solution

Deepak answered on Jul 06 2022
81 Votes
CS 305 Module Two Static Testing Summary Template
Instructions
Replace the bracketed text with your own words. If you choose to include images or supporting materials, be sure to insert them throughout.
Run Dependency Check
Document Results
| Dependency | Vulnerability IDs | Description |
| --- | --- | --- |
| hibernate-validator-6.0.18.Final.jar | cpe:2.3:a:redhat:hibernate_validator:6.0.18 | Hibernate's Bean Validation (JSR-380) reference implementation. |
| jackson-databind-2.10.2.jar | cpe:2.3:a:fasterxml:jackson-databind:2.10.2; cpe:2.3:a:fasterxml:jackson-modules-java8:2.10.2 | General data-binding functionality for Jackson: works on core streaming API |
| log4j-api-2.12.1.jar | cpe:2.3:a:apache:log4j:2.12. | The Apache Log4j API |
| logback-core-1.2.3.jar | cpe:2.3:a:qos:logback:1.2.3: | logback-core... |
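
Added example, not part of the original answer or the course material: a dependency-check-maven plugin configuration that writes the HTML report and loads a suppression file, followed by one suppression rule for a false positive. It assumes, for illustration only, that review found the jackson-modules-java8 CPE to be a mismatch for the jackson-databind JAR listed above; the file name dependency-check-suppressions.xml, the failBuildOnCVSS threshold of 7 and the ${dependency-check.version} property are placeholders chosen here.

```xml
<!-- pom.xml, inside <build><plugins>: run the check and apply suppressions -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <!-- placeholder property: define it in <properties> with the release you use -->
  <version>${dependency-check.version}</version>
  <configuration>
    <formats>
      <format>HTML</format>
    </formats>
    <!-- assumed threshold: fail the build on any finding with CVSS >= 7 -->
    <failBuildOnCVSS>7</failBuildOnCVSS>
    <suppressionFiles>
      <!-- assumed file name for the reviewed false positives -->
      <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
    </suppressionFiles>
  </configuration>
  <executions>
    <execution>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>

<!-- dependency-check-suppressions.xml (separate file) -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      Assumed review outcome: the jackson-modules-java8 CPE was matched to
      jackson-databind-2.10.2.jar, which is a different product.
    ]]></notes>
    <!-- pinned to one version so the match is re-reviewed after an upgrade -->
    <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson-databind@2\.10\.2$</packageUrl>
    <cpe>cpe:/a:fasterxml:jackson-modules-java8</cpe>
  </suppress>
</suppressions>
```

Only the mismatched identifier is suppressed; the fasterxml:jackson-databind CPE on the same JAR is still evaluated and reported.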