ciso-appsec-mend-evaluation / WebGoat


Code Security Report: 25 high severity findings, 33 total findings #5

Open mend-for-github-com[bot] opened 6 days ago

mend-for-github-com[bot] commented 6 days ago

Code Security Report

Scan Metadata

Latest Scan: 2024-09-23 07:58am
Total Findings: 33 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 427
Detected Programming Languages: 2 (Java*, JavaScript / TypeScript*)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson2.java:62](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java#L62) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson2.java:57-62](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java#L57-L62)
1 Data Flow/s detected:
- [SqlInjectionLesson2.java:55](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java#L55)
- [SqlInjectionLesson2.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java#L56)
- [SqlInjectionLesson2.java:59](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java#L59)
- [SqlInjectionLesson2.java:62](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson2.java#L62)

Secure Code Warrior Training Material
- Training
  - [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla)
- Videos
  - [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
- Further Reading
  - [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
  - [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
  - [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson4.java:63](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L63) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson4.java:58-63](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L58-L63)
1 Data Flow/s detected:
- [SqlInjectionLesson4.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L56)
- [SqlInjectionLesson4.java:57](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L57)
- [SqlInjectionLesson4.java:60](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L60)
- [SqlInjectionLesson4.java:63](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L63)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson5.java:73](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java#L73) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson5.java:68-73](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java#L68-L73)
1 Data Flow/s detected:
- [SqlInjectionLesson5.java:65](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java#L65)
- [SqlInjectionLesson5.java:67](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java#L67)
- [SqlInjectionLesson5.java:70](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java#L70)
- [SqlInjectionLesson5.java:73](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5.java#L73)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson5b.java:71](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L71) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson5b.java:66-71](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L66-L71)
1 Data Flow/s detected:
- [SqlInjectionLesson5b.java:51](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L51)
- [SqlInjectionLesson5b.java:52](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L52)
- [SqlInjectionLesson5b.java:55](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L55)
- [SqlInjectionLesson5b.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L56)
- [SqlInjectionLesson5b.java:58](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L58)
- [SqlInjectionLesson5b.java:71](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L71)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [Servers.java:72](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java#L72) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [Servers.java:67-72](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java#L67-L72)
1 Data Flow/s detected:
- [Servers.java:68](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java#L68)
- [Servers.java:72](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java#L72)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson6a.java:67](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L67) | Data Flows: 3 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson6a.java:62-67](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L62-L67)
3 Data Flow/s detected:
Data Flow 1:
- [SqlInjectionLesson6a.java:51](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L51)
- [SqlInjectionLesson6a.java:52](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L52)
- [SqlInjectionLesson6a.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L56)
- [SqlInjectionLesson6a.java:60](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L60)
- [SqlInjectionLesson6a.java:67](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L67)
Data Flow 2:
- [SqlOnlyInputValidation.java:48](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidation.java#L48)
- [SqlOnlyInputValidation.java:52](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidation.java#L52)
- [SqlInjectionLesson6a.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L56)
- [SqlInjectionLesson6a.java:60](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L60)
- [SqlInjectionLesson6a.java:67](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L67)
Data Flow 3:
- [SqlOnlyInputValidationOnKeywords.java:48](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java#L48)
- [SqlOnlyInputValidationOnKeywords.java:49](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java#L49)
- [SqlOnlyInputValidationOnKeywords.java:53](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java#L53)
- [SqlInjectionLesson6a.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L56)
- [SqlInjectionLesson6a.java:60](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L60)
- [SqlInjectionLesson6a.java:67](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L67)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson5a.java:62](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L62) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson5a.java:57-62](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L57-L62)
1 Data Flow/s detected:
- [SqlInjectionLesson5a.java:53](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L53)
- [SqlInjectionLesson5a.java:54](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L54)
- [SqlInjectionLesson5a.java:57](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L57)
- [SqlInjectionLesson5a.java:60](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L60)
- [SqlInjectionLesson5a.java:62](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L62)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionChallenge.java:65](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java#L65) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionChallenge.java:60-65](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java#L60-L65)
1 Data Flow/s detected:
- [SqlInjectionChallenge.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java#L56)
- [SqlInjectionChallenge.java:63](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java#L63)
- [SqlInjectionChallenge.java:65](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionChallenge.java#L65)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson10.java:63](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L63) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson10.java:58-63](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L58-L63)
1 Data Flow/s detected:
- [SqlInjectionLesson10.java:52](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L52)
- [SqlInjectionLesson10.java:53](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L53)
- [SqlInjectionLesson10.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L56)
- [SqlInjectionLesson10.java:58](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L58)
- [SqlInjectionLesson10.java:63](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L63)
 
Severity: High | Vulnerability Type: SQL Injection | CWE: [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | File: [SqlInjectionLesson3.java:65](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L65) | Data Flows: 1 | Date: 2024-09-23 07:59am
Vulnerable Code: [SqlInjectionLesson3.java:60-65](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L60-L65)
1 Data Flow/s detected:
- [SqlInjectionLesson3.java:56](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L56)
- [SqlInjectionLesson3.java:57](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L57)
- [SqlInjectionLesson3.java:60](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L60)
- [SqlInjectionLesson3.java:65](https://github.com/ciso-appsec-mend-evaluation/WebGoat/blob/2f91b2190cf1e2591b1ecb6381191c5dee7f1857/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L65)

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | SQL Injection | CWE-89 | Java* | 14 |
| High | Deserialization of Untrusted Data | CWE-502 | Java* | 2 |
| High | Path/Directory Traversal | CWE-22 | Java* | 7 |
| High | Server Side Request Forgery | CWE-918 | Java* | 2 |
| Medium | XML External Entity (XXE) Injection | CWE-611 | Java* | 1 |
| Medium | Error Messages Information Exposure | CWE-209 | Java* | 4 |
| Low | System Properties Disclosure | CWE-497 | Java* | 1 |
| Low | Weak Hash Strength | CWE-328 | Java* | 1 |
| Low | Log Forging | CWE-117 | Java* | 1 |