Prompt To begin, open the code base in Eclipse. Refer to the Uploading Files to Eclipse Desktop Version Tutorial for testing the code base in Eclipse. Then integrate the Maven Dependency Check plug-in...


Prompt


To begin, open the code base in Eclipse. Refer to the Uploading Files to Eclipse Desktop Version Tutorial for testing the code base in Eclipse. Then integrate the Maven Dependency Check plug-in for the code base.




Please note: “Integrating the Static Testing Tool” was a non-graded task that you should have completed in the previous module, so you may have already completed these steps.


Follow the instructions in the Integrating the Maven Dependency Check Plug-in Tutorial to learn how to integrate and run the dependency check plug-in into Maven for conducting static testing. Use the instructions in the tutorial to identify the software security vulnerabilities. Specifically, address the following in a Static Testing Summary:





• Run the dependency check on the code base. Include a screenshot of the HTML report in your Static Testing Summary. Be sure the screenshot includes the scan information at the top of the dependency check report.

• In addition to showing that the dependency check ran effectively, document the results from the dependency check. Be sure to identify the codes and descriptions of the dependencies found by including these details for each dependency in your Static Testing Summary.

• Interpret the results to identify widely accepted solutions for addressing dependencies in the code base. Summarize your findings in your Static Testing Summary. You can refer to industry standard guidelines such as the Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD). Consider why false positives should be filtered from the dependency check tool and discuss in your Static Testing Summary.


Answered 1 days After Jul 04, 2022


Deepak answered on Jul 06 2022
72 Votes
CS 305 Module Two Static Testing Summary Template
    
Instructions
Replace the bracketed text with your own words. If you choose to include images or supporting materials, be sure to insert them throughout.
Run Dependency Check
Document Results
| Dependency | Vulnerability IDs | Description |
| --- | --- | --- |
| hibernate-validator-6.0.18.Final.jar | cpe:2.3:a:redhat:hibernate_validator:6.0.18 | Hibernate's Bean Validation (JSR-380) reference implementation. |
| jackson-databind-2.10.2.jar | cpe:2.3:a:fasterxml:jackson-databind:2.10.2; cpe:2.3:a:fasterxml:jackson-modules-java8:2.10.2 | General data-binding functionality for Jackson: works on core streaming API |
| log4j-api-2.12.1.jar | cpe:2.3:a:apache:log4j:2.12. | The Apache Log4j API |
| logback-core-1.2.3.jar | cpe:2.3:a:qos:logback:1.2.3: | logback-core... |
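
As an added example (not part of the answer above or of the Dependency Check tool), this Python script triages the table's rows by comparing each CPE's product field with the jar's artifact name, one way to shortlist matches to review as possible false positives. The function names and the exact/partial/mismatch labels are assumptions made here; a mismatch is a cue for manual review, not proof of a false positive.

```python
import re

# Rows as they appear in the answer's table; truncated CPE strings are
# copied as printed on the page, not completed.
REPORT_ROWS = [
    ("hibernate-validator-6.0.18.Final.jar",
     ["cpe:2.3:a:redhat:hibernate_validator:6.0.18"]),
    ("jackson-databind-2.10.2.jar",
     ["cpe:2.3:a:fasterxml:jackson-databind:2.10.2",
      "cpe:2.3:a:fasterxml:jackson-modules-java8:2.10.2"]),
    ("log4j-api-2.12.1.jar", ["cpe:2.3:a:apache:log4j:2.12."]),
    ("logback-core-1.2.3.jar", ["cpe:2.3:a:qos:logback:1.2.3:"]),
]

def artifact_name(jar):
    """Strip '.jar' and the trailing version from a Maven jar file name."""
    stem = jar[:-4] if jar.endswith(".jar") else jar
    return re.sub(r"-\d[\w.]*$", "", stem).lower()

def cpe_product(cpe):
    """Return the product field of a CPE 2.3 string, or None if malformed."""
    parts = cpe.split(":")
    if len(parts) < 5 or parts[:2] != ["cpe", "2.3"] or not parts[4]:
        return None
    return parts[4].lower()

def norm(name):
    return re.sub(r"[_\-.]+", "-", name)  # treat '_', '-', '.' alike

def classify(jar, cpe):
    """Return exact / partial / mismatch / unparsed (hypothetical labels)."""
    product = cpe_product(cpe)
    if product is None:
        return "unparsed"
    art, prod = norm(artifact_name(jar)), norm(product)
    if art == prod:
        return "exact"
    art_tokens, prod_tokens = art.split("-"), prod.split("-")
    # The CPE names a product family (log4j) whose name prefixes the artifact (log4j-api)
    if art_tokens[:len(prod_tokens)] == prod_tokens:
        return "partial"
    return "mismatch"

def triage(rows):
    return [(jar, cpe, classify(jar, cpe)) for jar, cpes in rows for cpe in cpes]

if __name__ == "__main__":
    for jar, cpe, verdict in triage(REPORT_ROWS):
        print(f"{verdict:9} {jar}  <-  {cpe}")
```

On these rows only the jackson-modules-java8 CPE attached to jackson-databind-2.10.2.jar is labelled a mismatch; a match confirmed as a false positive after review is recorded in the tool's suppression file so later scans stay readable.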