Code Security Report

Scan Metadata

Latest Scan: 2024-03-25 01:50pm Total Findings: 31 | New Findings: 0 | Resolved Findings: 0 Tested Project Files: 428 Detected Programming Languages: 2 (Java, JavaScript / TypeScript)

[ ] Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5.java:80](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75-L80 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L70 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L72 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[Assignment5.java:60](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L55-L60 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L50 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L61 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5b.java:86](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L81-L86 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L55 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L58 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L61 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L62 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L65 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson6a.java:74](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74)	3	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L69-L74 3 Data Flow/s detected View Data Flow 1 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L47 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L51 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 View Data Flow 2 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L56 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L57 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 View Data Flow 3 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L51 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L53 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L57 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[Servers.java:72](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67-L72 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L73 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson8.java:78](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L78)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L73-L78 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L59 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L60 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L63 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L66 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L77 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L147 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L77 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java#L78 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson10.java:71](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L66-L71 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L58 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L59 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L62 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L64 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson2.java:65](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L60-L65 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L58 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L59 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L62 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson4.java:62](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L57-L62 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L54 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L55 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L58 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java#L62 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionChallenge.java:69](https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69)	1	2024-03-25 01:51pm
Vulnerable Code https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L64-L69 1 Data Flow/s detected https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L56 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L67 https://github.com/hugh-mend/WebGoat-LVP/blob/a9c6ff5b8528dc52e76f51332361ce7535366995/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69 Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Path/Directory Traversal	CWE-22	Java*	6
High	SQL Injection	CWE-89	Java*	14
High	Deserialization of Untrusted Data	CWE-502	Java*	1
High	Server Side Request Forgery	CWE-918	Java*	2
Medium	Error Messages Information Exposure	CWE-209	Java*	4
Medium	XML External Entity (XXE) Injection	CWE-611	Java*	1
Low	System Properties Disclosure	CWE-497	Java*	1
Low	Weak Hash Strength	CWE-328	Java*	1
Low	Log Forging	CWE-117	Java*	1

hugh-mend / WebGoat-LVP

Code Security Report: 23 high severity findings, 31 total findings #2

Code Security Report

Scan Metadata

Most Relevant Findings

Findings Overview