From 71139529fde6601815d077e7f4d0d757682e3fec Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:31:11 +0200 Subject: [PATCH 1/9] Update readme.md with draft of dotTEST capabilities --- readme.md | 76 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 56 insertions(+), 20 deletions(-) diff --git a/readme.md b/readme.md index 6cba364..b7537ed 100644 --- a/readme.md +++ b/readme.md 
@@ -1,36 +1,71 @@ -# WebGoat.NET version 0.3 +# dotTEST WebGoat.NET Example -## Build status +This example shows the following dotTEST capabilities: + +- static analysis and flow analysis capabilities +- integration with GitHub pipelines via [Run dotTEST Action](https://github.com/parasoft/run-dottest-action) +- integration with Aider to perform static analysis fixes in GitHub pipelines (dotTEST Autofix feature) + +## Table of contents + +- [dotTEST capabilities](#dotTEST-capabilities) +- [WebGoat.NET](#WebGoat.NET-version-0.3) + +## dotTEST capabilities + +### Static Analysis + +TODO: Shortly describe static/Flow Analysis +TODO: Add link to official dotTEST documentation + +### Run dotTEST GitHub Action + +TODO: Describe shortly the capabilities of the dotTEST Action +TODO: Prepare shot yaml example / add link to example + +[Run dotTEST Action project](https://github.com/parasoft/run-dottest-action) +[Run dotTEST Action @ GitHub Marketplace](https://github.com/marketplace/actions/run-parasoft-dottest) + + +### Autofix in CI/CD with Aider + +TODO: Describe shortly what is the Autofix feature +TODO: Add short yaml script snippet +TODO: Add link to official documentation describing this feature + +## WebGoat.NET version 0.3 + +### Build status ![build .NET 8](https://github.com/tobyash86/WebGoat.NET/workflows/build%20.NET%208/badge.svg) -## The next generation of the WebGoat example project to demonstrate OWASP TOP 10 vulnerabilities +### The next generation of the WebGoat example project to demonstrate OWASP TOP 10 vulnerabilities This is a re-implementation of the original [WebGoat project for .NET](https://github.com/rappayne/WebGoat.NET). This web application is a learning platform that attempts to teach about common web security flaws. It contains generic security flaws that apply to -most web applications. It also contains lessons that specifically pertain to +most web applications. It also includes lessons that specifically pertain to the .NET framework. 
The exercises in this app are intended to teach about web security attacks and how developers can overcome them. -### WARNING!: +#### WARNING!: THIS WEB APPLICATION CONTAINS NUMEROUS SECURITY VULNERABILITIES WHICH WILL RENDER YOUR COMPUTER VERY INSECURE WHILE RUNNING! IT IS HIGHLY RECOMMENDED TO COMPLETELY DISCONNECT YOUR COMPUTER FROM ALL NETWORKS WHILE RUNNING! -### Notes: +#### Notes: - Google Chrome performs filtering for reflected XSS attacks. These attacks - will not work unless chrome is run with the argument + will not work unless Chrome is run with the argument `--disable-xss-auditor`. -## Requirements +### Requirements - .NET 8 SDK -## How to build and run +### How to build and run -### 1. Running in a Docker container +#### 1. Running in a Docker container The provided Dockerfile is compatible with both Linux and Windows containers. To build a Docker image, execute the following command: @@ -39,9 +74,9 @@ To build a Docker image, execute the following command: docker build --pull --rm -t webgoat.net . ``` -Please note that Linux image is already built by pipeline and can be pulled from [here](https://github.com/users/tobyash86/packages?repo_name=WebGoat.NET). +Please note that the Linux image is already built by the pipeline and can be pulled from [here](https://github.com/users/tobyash86/packages?repo_name=WebGoat.NET). -#### Linux containers +##### Linux containers To run the `webgoat.net` image, execute the following command: @@ -49,9 +84,9 @@ To run the `webgoat.net` image, execute the following command: docker run --rm -d -p 5000:80 --name webgoat.net webgoat.net ``` -WebGoat.NET website should be accessible at http://localhost:5000. +The WebGoat.NET website should be accessible at http://localhost:5000. -#### Windows containers +##### Windows containers To run `webgoat.net` image, execute the following command: 
@@ -78,7 +113,7 @@ Ethernet adapter Ethernet: In the above example, you can access the WebGoat.NETCore website at http://172.29.245.43. -#### Stopping Docker container +##### Stopping Docker container To stop the `webgoat.net` container, execute the following command: @@ -86,7 +121,7 @@ To stop the `webgoat.net` container, execute the following command: docker stop webgoat.net ``` -### 2. Run locally using dotnet.exe (Kestrel) +#### 2. Run locally using dotnet.exe (Kestrel) 1. Build and publish WebGoat.NET with the following command: @@ -102,18 +137,19 @@ The web application will be deployed to the `app` folder in the current director dotnet ./app/WebGoat.NET.dll --urls=http://localhost:5000 ``` -The the WebGoat.NET website will be accessible at the URL specified with the `--urls` parameter: http://localhost:5000. +The WebGoat.NET website will be accessible at the URL specified with the `--urls` parameter: http://localhost:5000. -### 3. Run using a script -The WebGoat.NET projects ships with scripts that allow you to conveniently run the web application. The following scripts are located in the the "script" directory in the root of the project: +#### 3. Run using a script +The WebGoat.NET project ships with scripts that allow you to conveniently run the web application. The following scripts are located in the "script" directory in the root of the project: - runInDocker.bat - Runs the application in a Docker container on Windows. - runInDocker.sh - Runs the application in a Docker container on Linux. - runLocal.bat - Runs the application locally on Windows. - runLocal.sh - Runs the application locally on Linux. -## Known issues: +### Known issues: 1. The latest OWASP Top 10 is not covered. The uncovered vulnerabilities need to be added to the code base. 2. Educational documents/trainings for any categories of the latest OWASP Top 10 are not available. + From 6b39c23e5d722e05327662762d08460c6adefedf Mon Sep 17 00:00:00 2001 
From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:31:45 +0200 Subject: [PATCH 2/9] Update readme.md - fix hyperlink --- readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index b7537ed..35f1b0d 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ This example shows the following dotTEST capabilities: ## Table of contents - [dotTEST capabilities](#dotTEST-capabilities) -- [WebGoat.NET](#WebGoat.NET-version-0.3) +- [WebGoat.NET](#WebGoat.NET-version-03) ## dotTEST capabilities @@ -153,3 +153,4 @@ The WebGoat.NET project ships with scripts that allow you to conveniently run th + From 26c3090c4aed6011c4a468d0f7383a6befd85c22 Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:32:20 +0200 Subject: [PATCH 3/9] Update readme.md - fix link again --- readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 35f1b0d..f0f2955 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ This example shows the following dotTEST capabilities: ## Table of contents - [dotTEST capabilities](#dotTEST-capabilities) -- [WebGoat.NET](#WebGoat.NET-version-03) +- [WebGoat.NET](#WebGoatNET-version-03) ## dotTEST capabilities @@ -154,3 +154,4 @@ The WebGoat.NET project ships with scripts that allow you to conveniently run th + From 6874ad55281aeaae8fb7319f6c0cc5ca0630dc66 Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:38:33 +0200 Subject: [PATCH 4/9] Update readme.md improve ToC --- readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index f0f2955..804a077 100644 --- a/readme.md +++ b/readme.md 
@@ -9,7 +9,7 @@ This example shows the following dotTEST capabilities: ## Table of contents - [dotTEST capabilities](#dotTEST-capabilities) -- [WebGoat.NET](#WebGoatNET-version-03) +- [About WebGoat.NET project](#WebGoatNET-version-03) ## dotTEST capabilities @@ -155,3 +155,4 @@ The WebGoat.NET project ships with scripts that allow you to conveniently run th + From 1c54cacf80b6ffc4b5ebb4ce088f18d85c2bdf76 Mon Sep 17 00:00:00 2001 From: ijarosz <105916591+ijarosz@users.noreply.github.com> Date: Wed, 24 Sep 2025 15:21:24 +0200 Subject: [PATCH 5/9] Added info in the SA/FA, GitHub and Autofix sections. Various other updates. --- readme.md | 93 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 41 deletions(-) diff --git a/readme.md b/readme.md index 804a077..558da84 100644 --- a/readme.md +++ b/readme.md 
@@ -2,70 +2,80 @@ This example shows the following dotTEST capabilities: -- static analysis and flow analysis capabilities -- integration with GitHub pipelines via [Run dotTEST Action](https://github.com/parasoft/run-dottest-action) -- integration with Aider to perform static analysis fixes in GitHub pipelines (dotTEST Autofix feature) +- Static analysis and flow analysis capabilities +- Integration with GitHub pipelines via the [Run dotTEST Action](https://github.com/parasoft/run-dottest-action) +- Integration with Aider to apply static analysis fixes in GitHub pipelines (dotTEST Autofix feature) -## Table of contents +## Table of Contents - [dotTEST capabilities](#dotTEST-capabilities) - [About WebGoat.NET project](#WebGoatNET-version-03) -## dotTEST capabilities +## dotTEST Capabilities ### Static Analysis -TODO: Shortly describe static/Flow Analysis -TODO: Add link to official dotTEST documentation +Static analysis and flow analysis help you verify code quality and ensure compliance with industry standards, such as CWE or OWASP. Static analysis is a software testing method done by examining the source code without executing it to detect errors, vulnerabilities, and violations of coding standards. Flow analysis refers to the examination and evaluation of data or control flow within a program or system to identify potential issues such as resource leaks, dead code, security vulnerabilities, or performance bottlenecks. +See [Parasoft dotTEST User Guide](https://docs.parasoft.com/display/DOTTEST20251) for details regarding static and flow analysis with dotTEST as well as other dotTEST capabilities. -### Run dotTEST GitHub Action +### Run Parasoft dotTEST GitHub Action + +The `Run Parasoft dotTEST` action enables you to run code analysis with dotTEST and review analysis results directly on GitHub. To launch code analysis with dotTEST, add the `Run Parasoft dotTEST` action to your GitHub workflow. 
The following example shows a simple workflow made up of one job "run-dottest-action": -TODO: Describe shortly the capabilities of the dotTEST Action TODO: Prepare shot yaml example / add link to example -[Run dotTEST Action project](https://github.com/parasoft/run-dottest-action) -[Run dotTEST Action @ GitHub Marketplace](https://github.com/marketplace/actions/run-parasoft-dottest) +See [Run dotTEST Action @ GitHub Marketplace](https://github.com/marketplace/actions/run-parasoft-dottest) for details regarding configuration and usage. +See also [Run dotTEST Action project](https://github.com/parasoft/run-dottest-action). + +### Autofix in CI/CD Using Aider -### Autofix in CI/CD with Aider +`DottestAutoFix` is a Python-based script that leverages AI-powered code analysis to automatically fix dotTEST violations in your .NET projects, based on a generated analysis report. Once a fix is applied, the plugin validates it using `dottestcli` and then creates a pull request in your project repository. +The following example shows simple Autofix execution: +```batch +@REM Execute autofix with recommended settings +python DottestAutoFix.py ^ + --report ".dottest/report/report.xml" ^ + --max-attempts 3 ^ + --solution BankExample.sln ^ + --tool-home "C:\Program Files\Parasoft\dotTEST\2025.2" +``` -TODO: Describe shortly what is the Autofix feature -TODO: Add short yaml script snippet +See **LINK** for details regarding Autofix configuration and usage. TODO: Add link to official documentation describing this feature ## WebGoat.NET version 0.3 -### Build status +### Build Status ![build .NET 8](https://github.com/tobyash86/WebGoat.NET/workflows/build%20.NET%208/badge.svg) -### The next generation of the WebGoat example project to demonstrate OWASP TOP 10 vulnerabilities +### The Next-Generation WebGoat Example Project Demonstrating OWASP Top 10 Vulnerabilities This is a re-implementation of the original [WebGoat project for .NET](https://github.com/rappayne/WebGoat.NET). 
-This web application is a learning platform that attempts to teach about +This web application is a learning platform that attempts to explain common web security flaws. It contains generic security flaws that apply to most web applications. It also includes lessons that specifically pertain to -the .NET framework. The exercises in this app are intended to teach about -web security attacks and how developers can overcome them. +the .NET framework. The exercises in this app are intended to demonstrate +web security attacks and show how developers can overcome them. #### WARNING!: THIS WEB APPLICATION CONTAINS NUMEROUS SECURITY VULNERABILITIES -WHICH WILL RENDER YOUR COMPUTER VERY INSECURE WHILE RUNNING! IT IS HIGHLY -RECOMMENDED TO COMPLETELY DISCONNECT YOUR COMPUTER FROM ALL NETWORKS WHILE -RUNNING! +WHICH WILL RENDER YOUR COMPUTER VERY INSECURE WHILE RUNNING. IT IS HIGHLY +RECOMMENDED TO COMPLETELY DISCONNECT YOUR COMPUTER FROM ALL NETWORKS DURING USE. #### Notes: - Google Chrome performs filtering for reflected XSS attacks. These attacks - will not work unless Chrome is run with the argument + will not execute unless Chrome is run with the argument `--disable-xss-auditor`. ### Requirements - .NET 8 SDK -### How to build and run +### Building and Running the WebGoat.NET Example -#### 1. Running in a Docker container +#### 1. Running the Example in a Docker Container The provided Dockerfile is compatible with both Linux and Windows containers. To build a Docker image, execute the following command: @@ -76,7 +86,7 @@ docker build --pull --rm -t webgoat.net . Please note that the Linux image is already built by the pipeline and can be pulled from [here](https://github.com/users/tobyash86/packages?repo_name=WebGoat.NET). -##### Linux containers +##### Linux Containers To run the `webgoat.net` image, execute the following command: 
@@ -86,9 +96,9 @@ docker run --rm -d -p 5000:80 --name webgoat.net webgoat.net The WebGoat.NET website should be accessible at http://localhost:5000. -##### Windows containers +##### Windows Containers -To run `webgoat.net` image, execute the following command: +To run the `webgoat.net` image, execute the following command: ```sh docker run --rm --name webgoat.net webgoat.net @@ -113,7 +123,7 @@ Ethernet adapter Ethernet: In the above example, you can access the WebGoat.NETCore website at http://172.29.245.43. -##### Stopping Docker container +##### Stopping the Docker Container To stop the `webgoat.net` container, execute the following command: @@ -121,9 +131,9 @@ To stop the `webgoat.net` container, execute the following command: docker stop webgoat.net ``` -#### 2. Run locally using dotnet.exe (Kestrel) +#### 2. Running the Example Locally Using dotnet.exe (Kestrel) -1. Build and publish WebGoat.NET with the following command: +1. Build and publish WebGoat.NET using the following command: ```sh dotnet publish -c release -o ./app @@ -131,7 +141,7 @@ dotnet publish -c release -o ./app The web application will be deployed to the `app` folder in the current directory. -2. Execute the web application on localhost with the following command: +2. Execute the web application on localhost using the following command: ```sh dotnet ./app/WebGoat.NET.dll --urls=http://localhost:5000 
@@ -139,17 +149,18 @@ dotnet ./app/WebGoat.NET.dll --urls=http://localhost:5000 The WebGoat.NET website will be accessible at the URL specified with the `--urls` parameter: http://localhost:5000. -#### 3. Run using a script -The WebGoat.NET project ships with scripts that allow you to conveniently run the web application. The following scripts are located in the "script" directory in the root of the project: -- runInDocker.bat - Runs the application in a Docker container on Windows. -- runInDocker.sh - Runs the application in a Docker container on Linux. -- runLocal.bat - Runs the application locally on Windows. -- runLocal.sh - Runs the application locally on Linux. +#### 3. Running the Example Using a Script +The WebGoat.NET project ships with scripts that allow you to conveniently run the web application. The following scripts are located in the `script` directory at the root of the project: +- runInDocker.bat - runs the application in a Docker container on Windows. +- runInDocker.sh - runs the application in a Docker container on Linux. +- runLocal.bat - runs the application locally on Windows. +- runLocal.sh - runs the application locally on Linux. + +### Known Issues: -### Known issues: +1. The latest OWASP Top 10 is not covered. The missing vulnerabilities need to be added to the codebase. +2. Educational documents and training materials for any categories of the latest OWASP Top 10 are not available. -1. The latest OWASP Top 10 is not covered. The uncovered vulnerabilities need to be added to the code base. -2. Educational documents/trainings for any categories of the latest OWASP Top 10 are not available. From e6297e7b224de0b450150688ba1b0e459e5dc47b Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:19:54 +0200 Subject: [PATCH 6/9] Update readme.md Fixed minor issues. Added links --- readme.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
diff --git a/readme.md b/readme.md index 558da84..0638107 100644 --- a/readme.md +++ b/readme.md 
@@ -15,14 +15,12 @@ This example shows the following dotTEST capabilities: ### Static Analysis -Static analysis and flow analysis help you verify code quality and ensure compliance with industry standards, such as CWE or OWASP. Static analysis is a software testing method done by examining the source code without executing it to detect errors, vulnerabilities, and violations of coding standards. Flow analysis refers to the examination and evaluation of data or control flow within a program or system to identify potential issues such as resource leaks, dead code, security vulnerabilities, or performance bottlenecks. +Static analysis and flow analysis help you verify code quality and ensure compliance with industry standards, such as CWE or OWASP. Static analysis is a software testing method that examines the source code without executing it to detect errors, vulnerabilities, and violations of coding standards. Flow analysis refers to the examination and evaluation of data or control flow within a program or system to identify potential issues such as resource leaks, dead code, security vulnerabilities, or performance bottlenecks. See [Parasoft dotTEST User Guide](https://docs.parasoft.com/display/DOTTEST20251) for details regarding static and flow analysis with dotTEST as well as other dotTEST capabilities. ### Run Parasoft dotTEST GitHub Action -The `Run Parasoft dotTEST` action enables you to run code analysis with dotTEST and review analysis results directly on GitHub. To launch code analysis with dotTEST, add the `Run Parasoft dotTEST` action to your GitHub workflow. The following example shows a simple workflow made up of one job "run-dottest-action": - -TODO: Prepare shot yaml example / add link to example +The `Run Parasoft dotTEST` action enables you to run code analysis with dotTEST and review analysis results directly on GitHub. To launch code analysis with dotTEST, add the `Run Parasoft dotTEST` action to your GitHub workflow. 
[The example](https://github.com/parasoft/run-dottest-action/blob/master/samples/run-dottest-analyzer-template.yml) illustrates a simple workflow consisting of one job "run-dottest-action". See [Run dotTEST Action @ GitHub Marketplace](https://github.com/marketplace/actions/run-parasoft-dottest) for details regarding configuration and usage. See also [Run dotTEST Action project](https://github.com/parasoft/run-dottest-action). @@ -31,7 +29,7 @@ See also [Run dotTEST Action project](https://github.com/parasoft/run-dottest-ac ### Autofix in CI/CD Using Aider `DottestAutoFix` is a Python-based script that leverages AI-powered code analysis to automatically fix dotTEST violations in your .NET projects, based on a generated analysis report. Once a fix is applied, the plugin validates it using `dottestcli` and then creates a pull request in your project repository. -The following example shows simple Autofix execution: +The following example shows a simple Autofix execution: ```batch @REM Execute autofix with recommended settings python DottestAutoFix.py ^ @@ -41,7 +39,7 @@ python DottestAutoFix.py ^ --tool-home "C:\Program Files\Parasoft\dotTEST\2025.2" ``` -See **LINK** for details regarding Autofix configuration and usage. +See [**LINK**](https://docs.parasoft.com/display/DOTTEST20252/Fixing+Violations+Using+Autofix) for details regarding Autofix configuration and usage. TODO: Add link to official documentation describing this feature ## WebGoat.NET version 0.3 @@ -167,3 +165,4 @@ The WebGoat.NET project ships with scripts that allow you to conveniently run th + From 7777266b295e393462d72490d7dd18f94aa081e8 Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:40:02 +0200 Subject: [PATCH 7/9] Fix docs version --- readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 0638107..c1282d9 100644 --- a/readme.md +++ b/readme.md 
@@ -16,7 +16,7 @@ This example shows the following dotTEST capabilities: ### Static Analysis Static analysis and flow analysis help you verify code quality and ensure compliance with industry standards, such as CWE or OWASP. Static analysis is a software testing method that examines the source code without executing it to detect errors, vulnerabilities, and violations of coding standards. Flow analysis refers to the examination and evaluation of data or control flow within a program or system to identify potential issues such as resource leaks, dead code, security vulnerabilities, or performance bottlenecks. -See [Parasoft dotTEST User Guide](https://docs.parasoft.com/display/DOTTEST20251) for details regarding static and flow analysis with dotTEST as well as other dotTEST capabilities. +See [Parasoft dotTEST User Guide](https://docs.parasoft.com/display/DOTTEST20252) for details regarding static and flow analysis with dotTEST as well as other dotTEST capabilities. ### Run Parasoft dotTEST GitHub Action @@ -166,3 +166,4 @@ The WebGoat.NET project ships with scripts that allow you to conveniently run th + From 776fc45fc46c7ddef2abaf44029425f6c4e43c42 Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:43:25 +0200 Subject: [PATCH 8/9] Fix info about pull request made by Aider --- readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index c1282d9..037aa2a 100644 --- a/readme.md +++ b/readme.md 
@@ -28,7 +28,7 @@ See also [Run dotTEST Action project](https://github.com/parasoft/run-dottest-ac ### Autofix in CI/CD Using Aider -`DottestAutoFix` is a Python-based script that leverages AI-powered code analysis to automatically fix dotTEST violations in your .NET projects, based on a generated analysis report. Once a fix is applied, the plugin validates it using `dottestcli` and then creates a pull request in your project repository. +`DottestAutoFix` is a Python-based script that leverages AI-powered code analysis to automatically fix dotTEST violations in your .NET projects, based on a generated analysis report. Once a fix is applied, the plugin validates it using `dottestcli` and then adds a commit to the current branch in your project repository. The following example shows a simple Autofix execution: ```batch @REM Execute autofix with recommended settings @@ -167,3 +167,4 @@ The WebGoat.NET project ships with scripts that allow you to conveniently run th + From c4f83442599ef07415137b9b0b946419eed4632d Mon Sep 17 00:00:00 2001 From: tobyash86 <34890669+tobyash86@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:45:11 +0200 Subject: [PATCH 9/9] Fix TODO comment --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 037aa2a..74c699c 100644 --- a/readme.md +++ b/readme.md @@ -39,8 +39,7 @@ python DottestAutoFix.py ^ --tool-home "C:\Program Files\Parasoft\dotTEST\2025.2" ``` -See [**LINK**](https://docs.parasoft.com/display/DOTTEST20252/Fixing+Violations+Using+Autofix) for details regarding Autofix configuration and usage. -TODO: Add link to official documentation describing this feature +See [**LINK**](https://docs.parasoft.com/display/DOTTEST20252/Fixing+Violations+Using+AI+Autofix) for details regarding Autofix configuration and usage. ## WebGoat.NET version 0.3 @@ -168,3 +167,4 @@ The WebGoat.NET project ships with scripts that allow you to conveniently run th +
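Review bot: In the "Table of contents" block added by the first hunk of PATCH 1/9, the fragments `#dotTEST-capabilities` and `#WebGoat.NET-version-0.3` do not match the heading IDs GitHub generates, which are lowercased with punctuation stripped. PATCH 2/9 and 3/9 remove the dots one at a time but keep the capitals, and `#dotTEST-capabilities` is never corrected anywhere in the series. Suggest `#dottest-capabilities` and `#webgoatnet-version-03`, which resolve without relying on case-insensitive fragment matching, and squashing the two link fix-ups into the commit that introduced the links.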
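Review bot: In the "Linux containers" hunk of PATCH 1/9 (`@@ -49,9 +84,9 @@`), the context line `docker run --rm -d -p 5000:80 --name webgoat.net webgoat.net` publishes the port on every host interface, while the WARNING earlier in the same readme tells the reader to keep the machine off all networks and the edited sentence right below promises http://localhost:5000. Since the sentence is being touched anyway, consider changing the mapping to `-p 127.0.0.1:5000:80` so the deliberately vulnerable application is reachable only from the local machine, in line with the `--urls=http://localhost:5000` form used for the Kestrel run.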
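Review bot: The last hunk of PATCH 2/9 (`@@ -153,3 +153,4 @@`) appends one whitespace-only line at the end of readme.md, and the final hunk of PATCH 3/9, 4/9, 6/9, 7/9, 8/9 and 9/9 does the same, so the file gains another trailing blank line with almost every commit. This looks like an editor artifact. Drop these hunks so that each commit contains only the link or wording fix named in its subject.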
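Review bot: In the "Autofix in CI/CD Using Aider" section added by the first hunk of PATCH 5/9, the batch example passes `--solution BankExample.sln`, which looks carried over from a different sample; this readme is for the WebGoat.NET example, so the command should name this repository's solution file. The body also never mentions Aider or a CI/CD workflow despite the heading, and it calls `DottestAutoFix` a "Python-based script" in one sentence and "the plugin" in the next. Suggest one sentence on how Aider is involved, the workflow snippet that the PATCH 1/9 TODO asked for, and a single term for the tool.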
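Review bot: With the Autofix sentence in PATCH 8/9 changed from "creates a pull request in your project repository" to "adds a commit to the current branch in your project repository", the readme no longer describes any point at which a person reviews the AI-generated change. Suggest adding a sentence that says whether the commit is pushed automatically and where the reader is expected to inspect it before it is merged, for example by running Autofix on a dedicated branch.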
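Review bot: The Autofix reference rewritten in PATCH 9/9 still uses the placeholder `[**LINK**]` as its link text, carried over from PATCH 6/9, so the rendered readme reads "See LINK for details". Replace it with descriptive text that matches the page name in the URL, such as "Fixing Violations Using AI Autofix", in the same style as the "Parasoft dotTEST User Guide" link in the Static Analysis section.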