Open mend-for-github-com[bot] opened 7 months ago
The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.
Code Security Report
Scan Metadata
Latest Scan: 2024-09-24 12:26am
Total Findings: 32 | New Findings: 0 | Resolved Findings: 1
Tested Project Files: 420
Detected Programming Languages: 2 (JavaScript / TypeScript*, Java*)
Most Relevant Findings
Automatic Remediation Available (10)
Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L62-L67
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L54
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L56
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L59
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L63
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java#L67
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/af77fe2a8a3025445106634fb8bca51633d44d1b/diffs/5eb653a7-184a-435c-b18e-0b08032e48bf/SqlInjectionLesson5a.java.diff#L1-L146
Secure Code Warrior Training Material
● Training
  ▪ [Secure Code Warrior SQL Injection Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/sql/java/vanilla)
● Videos
  ▪ [Secure Code Warrior SQL Injection Video](https://media.securecodewarrior.com/v2/module_01_sql_injection.mp4)
● Further Reading
  ▪ [OWASP SQL Injection Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html)
  ▪ [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
  ▪ [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L58-L63
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L53
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L54
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L57
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java#L63
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/a20499ec7858406ba0c0336943714a554c6d0779/diffs/d1bb7939-f357-47bb-9acd-998b327b0155/SqlInjectionLesson3.java.diff#L1-L100

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L66-L71
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L58
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L59
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L62
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L64
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java#L71
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/7cd08393424b16c7a81ba177007f6342f148a373/diffs/d7bc6f2a-130f-4625-8ac0-72ead7fb1c61/SqlInjectionLesson10.java.diff#L1-L139

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L81-L86
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L55
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L58
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L61
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L62
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L65
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java#L86
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/1198e8c891f1e4adbb3d7598568a1b3f923cfb10/diffs/a18d460e-ac55-4f25-a2dc-b162e2005be3/SqlInjectionLesson5b.java.diff#L1-L142

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L55-L60
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L50
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L61
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L60
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/769f2abae88804434340cddb122ccd804cc93878/diffs/6d552cbb-4fc4-4dc6-88e0-00623539c100/Assignment5.java.diff#L1-L84

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L60-L65
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L58
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L59
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L62
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java#L65
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/08c65a7ac8d5280f98ecd9c20182fa809b80467e/diffs/5590a43a-0349-4d84-8c92-c9c8f8d92426/SqlInjectionLesson2.java.diff#L1-L97

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L69-L74
3 Data Flow/s detected
Data Flow 1
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L51
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L53
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java#L57
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
Data Flow 2
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L56
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L57
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
Data Flow 3
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L47
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java#L51
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L62
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L66
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java#L74
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/e9386bd18fd7071290f88b33a3726f35616070a9/diffs/4544c1f9-0f11-470e-8ee8-8e5403dc2441/SqlInjectionLesson6a.java.diff#L1-L127

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67-L72
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L67
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L73
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/Servers.java#L72
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/10df34cb8ed5dfa0f0fd353007aee71b525b19d7/diffs/58b56106-6884-46f1-885c-077f8c679d2c/Servers.java.diff#L1-L106

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75-L80
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L70
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L72
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L75
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java#L80
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/f2e4d9f457beb678adf0bf08dfd97333ce807d2c/diffs/ad3e40be-cb05-45c8-aab9-8f4206dc5a5c/SqlInjectionLesson5.java.diff#L1-L134

Vulnerable Code
https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L64-L69
1 Data Flow/s detected
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L56
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L67
- https://github.com/hughcdemocorp-mend/WebGoat3/blob/99348aa8fe95c06d35b24b1b4f16417d2d597a52/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java#L69
Remediation Suggestion
https://github.com/hughcdemocorp-mend/WebGoat3/blob/beeb9ac75bcf3330c168309e39be34057dc3324e/diffs/89870f92-30c5-45fd-937e-bc510bc1cf9b/SqlInjectionChallenge.java.diff#L1-L114

Findings Overview