Code Security Report

Scan Metadata

Latest Scan: 2024-08-29 02:27am Total Findings: 34 | New Findings: 0 | Resolved Findings: 0 Tested Project Files: 423 Detected Programming Languages: 2 (Java, JavaScript / TypeScript)

[ ] Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5b.java:86](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L81-L86 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L55 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L58 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L61 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L62 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L65 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson4.java:62](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L57-L62 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L54 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L55 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L58 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson3.java:63](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L58-L63 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L53 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L54 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L57 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson10.java:71](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L66-L71 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L58 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L59 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L62 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L64 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson6a.java:74](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74)	3	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L69-L74 3 Data Flow/s detected View Data Flow 1 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L47 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L51 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 View Data Flow 2 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L56 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L57 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 View Data Flow 3 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L51 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L53 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L57 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5a.java:67](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L62-L67 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L54 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L56 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L59 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L63 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5.java:80](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75-L80 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L70 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L72 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson2.java:65](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L60-L65 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L58 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L59 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L62 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionChallenge.java:69](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L64-L69 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L56 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L67 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[Assignment5.java:59](https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L59)	1	2024-08-28 07:29pm
Vulnerable Code https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L54-L59 1 Data Flow/s detected https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L49 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60 https://github.com/GarySegal-Mend-Demo/WebGoat/blob/dcebd45d1ce56866dbcf7e8a9548dcd324ffab5f/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L59 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	SQL Injection	CWE-89	Java*	14
High	Deserialization of Untrusted Data	CWE-502	Java*	2
High	Path/Directory Traversal	CWE-22	Java*	7
High	Server Side Request Forgery	CWE-918	Java*	2
Medium	XML External Entity (XXE) Injection	CWE-611	Java*	1
Medium	Error Messages Information Exposure	CWE-209	Java*	4
Medium	Improper Verification of JWT Signature	CWE-347	Java*	1
Low	System Properties Disclosure	CWE-497	Java*	1
Low	Weak Hash Strength	CWE-328	Java*	1
Low	Log Forging	CWE-117	Java*	1

GarySegal-Mend-Demo / WebGoat

Code Security Report: 25 high severity findings, 34 total findings #6

Code Security Report

Scan Metadata

Most Relevant Findings

Findings Overview