SQL Parameterized Query

This article is all about SQL parameterized queries. What are SQL parameters? SQL parameters are like method parameters in a program: we pass a parameter value to get a filtered result. Example: select * from teacher where name = @name. Here @name is the parameter. The query text stays fixed, and the value is bound to @name by the database driver rather than concatenated into the query string, so it is always treated as data and never as SQL code. This query returns the rows from the teacher table whose name matches the specified value. Why we …
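The following is an added example (not code from the original article) showing the difference between concatenating a value into the query and binding it as a parameter. It uses Python's sqlite3 module, whose named-placeholder syntax is :name rather than the @name of the excerpt; the teacher table and its rows are constructed for the demonstration. It also shows the caveat that identifiers such as a sort column cannot be parameterized and need an allowlist instead.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
TEACHERS = [
    ("Alice", "Math"),
    ("Bob", "Physics"),
    ("Carol", "History"),
    ("O'Brien", "Chemistry"),   # a legitimate value containing a quote
]


def make_db():
    """Create an in-memory database with a small teacher table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE teacher (name TEXT, subject TEXT)")
    conn.executemany("INSERT INTO teacher VALUES (?, ?)", TEACHERS)
    conn.commit()
    return conn


def find_teacher_vulnerable(conn, name):
    """Builds the SQL by string concatenation: the value becomes SQL code.

    A name such as  ' OR '1'='1  turns the WHERE clause into a tautology,
    and a name such as  O'Brien  breaks the query with a syntax error.
    """
    sql = "SELECT name, subject FROM teacher WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_teacher_parameterized(conn, name):
    """The SQL text is fixed; the driver binds the value to the :name
    placeholder, so whatever the caller supplies is matched literally."""
    sql = "SELECT name, subject FROM teacher WHERE name = :name"
    return conn.execute(sql, {"name": name}).fetchall()


# Identifiers (table and column names) cannot be bound as parameters.
# The safe pattern for a caller-chosen sort column is an allowlist.
ALLOWED_SORT_COLUMNS = {"name", "subject"}


def list_teachers_sorted(conn, sort_column):
    """Order by a caller-selected column, accepting only known identifiers."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"SELECT name, subject FROM teacher ORDER BY {sort_column}"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("concatenated :", find_teacher_vulnerable(db, payload))     # every row
    print("parameterized:", find_teacher_parameterized(db, payload))  # no rows
    print("quoted name  :", find_teacher_parameterized(db, "O'Brien"))
```

Running it shows the concatenated query returning every teacher for the tautology payload while the parameterized query returns nothing, and the parameterized query handling O'Brien where the concatenated one raises a syntax error. The ORDER BY helper illustrates why parameterization alone is not enough when the untrusted input is an identifier rather than a value.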

Most common flaws reported by Secure Static Code Analyser

Below are the most common vulnerability categories reported by SAST tools such as Veracode, Fortify, IBM AppScan Source and Checkmarx. Critical/High: SQL Injection, Directory Traversal, Cross-Site Scripting (XSS), Insufficient Input Validation, CRLF Injection, Time and State, Session Fixation, Code Quality, Encapsulation, Information Leakage, API Abuse, Cryptographic Issues, Credentials Management, Command or Argument Injection, Untrusted Search Path …