Reference no: EM132321151
Lab: Interpret Static Analysis Reports
One of the topics discussed in your text for this module is the need for clear reports generated by static analysis tools, so that developers, testers, and others can identify the areas of vulnerability in the code. In this activity, you will compare and interpret test results using the Fortify On Demand Tool. You will look at one of the greatest areas of vulnerability in software code: Payment Card Industry (PCI) compliance.
Using the Fortify On Demand Tool you utilized in the last module, run the Payment Card Industry Data Security Standard (PCI DSS) report for all three sample codes: Dynamic, Static, and Mobile. When you click on the report generation wizard to create a report, you can pick the report template. For this activity, you will pick FoD PCI 2.0 DSS Compliance as the report template.
You are then to compare and analyze the results of the three reports and write a three-page report detailing the key findings for each sample code and comparing the results. Your report should include screenshots of the reports and a screenshot of the completed scans. Which code is most secure? Which code is most insecure? Please support your answers with specific results from the reports and supporting discussion.
Compose your work in a .doc or .docx file type using a word processor (such as Microsoft Word) and save it frequently to your computer. For those assignments that are not written essays and require uploading images or PowerPoint slides, please follow the uploading guidelines provided by your instructor.
Attachment:- Assignment File.rar