Commit

Updated Lab 9
Ming Chow committed Apr 15, 2024
1 parent 3ba8e3a commit 51f72ba
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions labs/lab09-riskanalysis.md
Expand Up @@ -34,6 +34,4 @@ Table shall be submitted in one PDF file.

Important: be sure to review the CTF game source code as there are other vulnerabilities that were not visible via playing game.

**OPTIONAL HIGHLY RECOMMEND +0.1 BONUS.** Create and run a static analysis scan of either (1) the Capture The Flags (CTF) game files or (2) an application of your choice, such as your own C/C++, iOS, or Android app using Veracode's Static Analysis tool via https://web.analysiscenter.veracode.com/. Email me if you want an account (free academic license). Please consult with Help (the question mark icon on upper-right corner of screen) for instructions on how to package your application for submission for static analysis scan.

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company provides an automated cloud-based service for securing web, mobile and third-party enterprise applications. Veracode was co-founded by friend, mentor, and cyber security luminary Chris Wysopal a.k.a., "Weld Pond" --read https://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/. Veracode is a commercial product but Chris and his team has granted me academic license since fall 2013. Please also read his guest lecture notes (from spring 2012) at https://cs116.org/readings/static-binary-analysis-wysopal-tufts-comp-116.pdf.
**OPTIONAL HIGHLY RECOMMEND +0.1 BONUS.** Create and run a static analysis scan of the Capture The Flags (CTF) game files using any static analysis tool of your choice (e.g., one listed here https://github.com/exakat/php-static-analysis-tools Links to an external site.). In order to receive bonus, you must post a screenshot and a brief review of static analysis tool that you used on existing thread "Post Your Static Analysis Tool Screenshot / Review Here..." on the CS 116 Piazza.
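
Review bot: The added line carries the pasted text "Links to an external site." inside the parentheses after the php-static-analysis-tools URL; this looks like link residue from a copy and paste and should be dropped so the parenthetical ends at the URL. In the same line, "HIGHLY RECOMMEND" should read "HIGHLY RECOMMENDED" (carried over from the removed line), and "In order to receive bonus" and "review of static analysis tool" are missing articles. The new wording also narrows the scan to the CTF game files, where the removed line allowed an application of the student's choice; if that is intended, consider stating what the brief review should cover, for example whether the tool's findings line up with the vulnerabilities found by reviewing the game source code as the context line above asks.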
