Code Security Report

Scan Metadata

Latest Scan: 2024-09-24 12:26am Total Findings: 32 | New Findings: 0 | Resolved Findings: 1 Tested Project Files: 420 Detected Programming Languages: 2 (JavaScript / TypeScript*, Java*)

[ ] Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Automatic Remediation Available (10)

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5a.java:67](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L62-L67 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L54 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L56 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L59 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L63 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/af77fe2a8a3025445106634fb8bca51633d44d1b/diffs/5eb653a7-184a-435c-b18e-0b08032e48bf/SqlInjectionLesson5a.java.diff#L1-L146 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson3.java:63](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L58-L63 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L53 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L54 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L57 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/a20499ec7858406ba0c0336943714a554c6d0779/diffs/d1bb7939-f357-47bb-9acd-998b327b0155/SqlInjectionLesson3.java.diff#L1-L100 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson10.java:71](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L66-L71 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L58 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L59 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L62 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L64 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/7cd08393424b16c7a81ba177007f6342f148a373/diffs/d7bc6f2a-130f-4625-8ac0-72ead7fb1c61/SqlInjectionLesson10.java.diff#L1-L139 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5b.java:86](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L81-L86 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L55 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L58 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L61 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L62 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L65 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/1198e8c891f1e4adbb3d7598568a1b3f923cfb10/diffs/a18d460e-ac55-4f25-a2dc-b162e2005be3/SqlInjectionLesson5b.java.diff#L1-L142 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[Assignment5.java:60](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L55-L60 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L50 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L61 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/769f2abae88804434340cddb122ccd804cc93878/diffs/6d552cbb-4fc4-4dc6-88e0-00623539c100/Assignment5.java.diff#L1-L84 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson2.java:65](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L60-L65 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L58 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L59 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L62 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/08c65a7ac8d5280f98ecd9c20182fa809b80467e/diffs/5590a43a-0349-4d84-8c92-c9c8f8d92426/SqlInjectionLesson2.java.diff#L1-L97 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson6a.java:74](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74)	3	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L69-L74 3 Data Flow/s detected View Data Flow 1 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L51 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L53 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L57 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 View Data Flow 2 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L56 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L57 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 View Data Flow 3 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L47 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L51 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/e9386bd18fd7071290f88b33a3726f35616070a9/diffs/4544c1f9-0f11-470e-8ee8-8e5403dc2441/SqlInjectionLesson6a.java.diff#L1-L127 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[Servers.java:72](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67-L72 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L73 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/10df34cb8ed5dfa0f0fd353007aee71b525b19d7/diffs/58b56106-6884-46f1-885c-077f8c679d2c/Servers.java.diff#L1-L106 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionLesson5.java:80](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75-L80 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L70 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L72 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/f2e4d9f457beb678adf0bf08dfd97333ce807d2c/diffs/ad3e40be-cb05-45c8-aab9-8f4206dc5a5c/SqlInjectionLesson5.java.diff#L1-L134 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

High	SQL Injection	[CWE-89](https://cwe.mitre.org/data/definitions/89.html)	[SqlInjectionChallenge.java:69](https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69)	1	2024-07-24 01:41pm
Vulnerable Code https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L64-L69 1 Data Flow/s detected https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L56 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L67 https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69 :rescue_worker_helmet: Remediation Suggestion https://github.com/hughcdemocorp-mend/WebGoat3/blob/beeb9ac75bcf3330c168309e39be34057dc3324e/diffs/89870f92-30c5-45fd-937e-bc510bc1cf9b/SqlInjectionChallenge.java.diff#L1-L114 - [ ] Create pull request into main Remediation feedback: - [ ] :thumbsup: Like - [ ] :thumbsdown: Dislike Secure Code Warrior Training Material ● Training ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla) ● Videos ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4) ● Further Reading ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html) ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	SQL Injection	CWE-89	Java*	13
High	Deserialization of Untrusted Data	CWE-502	Java*	2
High	Path/Directory Traversal	CWE-22	Java*	7
High	Server Side Request Forgery	CWE-918	Java*	2
Medium	XML External Entity (XXE) Injection	CWE-611	Java*	1
Medium	Error Messages Information Exposure	CWE-209	Java*	4
Low	System Properties Disclosure	CWE-497	Java*	1
Low	Weak Hash Strength	CWE-328	Java*	1
Low	Log Forging	CWE-117	Java*	1

hughcdemocorp-mend / WebGoat3

Code Security Report: 24 high severity findings, 32 total findings #5

Code Security Report

Scan Metadata

Most Relevant Findings

Automatic Remediation Available (10)

Findings Overview