Dima2021 / DemoCorp

Other
0 stars 0 forks source link

Code Security Report: 24 high severity findings, 32 total findings #24

Open mend-for-github-com[bot] opened 5 months ago

mend-for-github-com[bot] commented 5 months ago

Code Security Report

Scan Metadata

Latest Scan: 2024-05-20 02:11pm Total Findings: 32 | New Findings: 0 | Resolved Findings: 0 Tested Project Files: 429 Detected Programming Languages: 2 (JavaScript / TypeScript, Java)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

SeverityVulnerability TypeCWEFileData FlowsDate
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionLesson5b.java:86](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L81-L86
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L55 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L58 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L61 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L62 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L65 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionLesson9.java:76](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L76) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L71-L76
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L60 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L61 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L64 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L67 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L75 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L147 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L75 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java#L76
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionLesson5a.java:67](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L62-L67
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L54 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L56 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L59 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L63 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionChallenge.java:69](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L64-L69
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L56 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L67 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [Servers.java:72](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67-L72
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L73 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [Assignment5.java:60](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L55-L60
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L50 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L61 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionLesson6a.java:74](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74) 32024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L69-L74
3 Data Flow/s detected
View Data Flow 1 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L47 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L51 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
View Data Flow 2 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L56 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L57 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
View Data Flow 3 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L51 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L53 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L57 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionLesson10.java:71](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L66-L71
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L58 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L59 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L62 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L64 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionLesson3.java:63](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L58-L63
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L53 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L54 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L57 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
HighSQL Injection [CWE-89](https://cwe.mitre.org/data/definitions/89.html) [SqlInjectionLesson4.java:62](https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62) 12024-05-20 01:52am
Vulnerable Code https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L57-L62
1 Data Flow/s detected
https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L54 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L55 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L58 https://github.com/Dima2021/DemoCorp/blob/e4ed0ef7ba53a628d1a3ec4d1307c4e94dae0e82/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62
Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos    ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading    ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)    ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)    ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Findings Overview

Severity Vulnerability Type CWE Language Count
High SQL Injection CWE-89 Java* 14
High Deserialization of Untrusted Data CWE-502 Java* 2
High Path/Directory Traversal CWE-22 Java* 6
High Server Side Request Forgery CWE-918 Java* 2
Medium XML External Entity (XXE) Injection CWE-611 Java* 1
Medium Error Messages Information Exposure CWE-209 Java* 4
Low System Properties Disclosure CWE-497 Java* 1
Low Weak Hash Strength CWE-328 Java* 1
Low Log Forging CWE-117 Java* 1