adeysadams / Adeys-Repository-

Security Issue #1

Open adeysadams opened 3 years ago

adeysadams commented 3 years ago

SQL Injection vulnerability on line 100. Please use SCW Training if needed.

secure-code-warrior-for-github[bot] commented 3 years ago

Micro-Learning Topic: SQL Injection (CWE-89)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Examine code which interacts with relational databases and identify how each statement or query is constructed. Check if any statements are built by joining strings with external inputs and trace these data flows to see whether proper filtering or encoding was performed. Determine if special characters (such as single quotes) and keywords (such as SELECT or DROP) supplied in inputs can affect the statement that is constructed.

Level-up your secure coding prowess with language and framework specific gamified training.

Train Now

Thank you for participating in Secure Code Warrior Private Labs. Labs is where our more courageous warriors can play around with early releases of our new and exciting features.
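The review procedure in the bot's comment (find statements built by joining strings with external input, then check whether a quote in that input changes the statement) can be seen end to end in the following added example. It is not code from this repository or from Secure Code Warrior; the `users` table, its rows and the `login_*` function names are constructed for illustration, and `sqlite3` is used only because it ships with Python and runs in memory.

```python
import sqlite3

# Constructed in-memory data so the example runs offline (not from the repository).
SEED_ROWS = [
    ("alice", "s3cret", "admin"),
    ("bob", "hunter2", "user"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_ROWS)
    return conn


def build_vulnerable_sql(name, password):
    # The pattern the comment tells you to trace: SQL text assembled by string
    # concatenation with untrusted input. A single quote in `password` closes the
    # literal early and the rest of the input is parsed as SQL.
    return (
        "SELECT name, role FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, name, password):
    return conn.execute(build_vulnerable_sql(name, password)).fetchall()


def login_parameterized(conn, name, password):
    # Placeholders keep the input as data: the driver binds the values and never
    # splices them into the statement text, so quotes and keywords are inert.
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def demo():
    """Run the same attacker-controlled password through both code paths."""
    conn = make_db()
    payload = "' OR '1'='1"  # constructed tautology payload
    return {
        "statement": build_vulnerable_sql("alice", payload),
        "vulnerable": sorted(login_vulnerable(conn, "alice", payload)),
        "parameterized": sorted(login_parameterized(conn, "alice", payload)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The concatenated statement becomes `... WHERE name = 'alice' AND password = '' OR '1'='1'`; since `AND` binds tighter than `OR`, the `OR '1'='1'` clause is true for every row and the "login" returns all users. The parameterized query compares the password column against the literal string `' OR '1'='1` and matches nothing. When auditing, apply the same test to each string-built statement: feed it a quote and a keyword and check whether the parsed statement changed shape.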

secure-code-warrior-for-github[bot] commented 3 years ago

Micro-Learning Topic: SQL Injection (Detected by phrase)