
Add "Hence This is Not a Flaw" Joke/Real Story to the book #434

Open
securestep9 opened this issue Mar 8, 2017 · 1 comment

Comments

@securestep9

Outsourced Development Team's response on SQL Injection and Cross-Site Scripting flaws found by a SAST source code scan (real story, major bank):

"We have investigated the below mentioned flaws for XYZ-New application and below are the respective comments,

FLAW: CWE ID:89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - 10 flaws
Comment: Using JDBC technology of java as provided by Oracle Corp., there is a predefined method called executeQuery() which is used to execute SQL statements in database through java. Hence this is not a flaw.

FLAW: CWE ID:80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - 325 flaws

Comment: With the help of Servlet technology, there is a predefined class, PrintWriter, in java which is used to print HTML content in a webpage. Hence this is not a flaw."
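The point the reply above misses is that neither executeQuery() nor PrintWriter is the flaw; the flaw is what flows into them. Below is an added example (not from the issue or the book) that shows both findings the way a SAST tool sees them: a query assembled by string concatenation beside its parameterized form, and HTML written with the input raw beside the same output with the input escaped. It is written in Python against the standard-library sqlite3 and html modules rather than JDBC and a Servlet so it runs stand-alone; the table, rows and payload strings are constructed for the demonstration, and the same distinction applies one-to-one to Statement.executeQuery(concatenated) versus PreparedStatement with bound parameters, and to PrintWriter.println(raw) versus printing an escaped string.

```python
import html
import sqlite3

# Constructed sample data for the demo (not from the original issue).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


def lookup_concat(conn, username):
    # CWE-89 pattern: untrusted input becomes part of the SQL text, so the
    # database parses it as SQL. This is what the scanner flags, regardless
    # of which API ends up executing the string.
    sql = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, username):
    # Fixed: the input is bound as a parameter. The SQL text is a constant,
    # and the value can never change the statement's structure.
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker input: closes the quoted literal and appends a tautology.
SQLI_PAYLOAD = "nobody' OR '1'='1"


def render_greeting_raw(name):
    # CWE-80 pattern: untrusted input is written straight into the HTML
    # response, so any tags it contains are interpreted by the browser.
    return "<p>Hello, " + name + "</p>"


def render_greeting_escaped(name):
    # Fixed: the input is entity-encoded for an HTML text context, so the
    # browser renders it as literal text.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# Constructed attacker input for the XSS case.
XSS_PAYLOAD = "<script>alert(1)</script>"


def demo():
    """Run both pairs and return what each variant produced."""
    conn = make_db()
    try:
        return {
            "concat_rows": len(lookup_concat(conn, SQLI_PAYLOAD)),  # every row leaks
            "param_rows": len(lookup_param(conn, SQLI_PAYLOAD)),    # no user has that name
            "raw_html": render_greeting_raw(XSS_PAYLOAD),
            "escaped_html": render_greeting_escaped(XSS_PAYLOAD),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Run it and compare the two halves of each pair: the concatenated query returns every user for a username that does not exist, while the parameterized query returns none; the raw rendering hands the browser a live script tag, while the escaped one shows the tag as text. The API calls are identical in both halves; only the handling of the input differs, which is exactly what a SAST finding against executeQuery() or PrintWriter is reporting.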

@DinisCruz
Owner

nice :)
