Skip to main content

Example of Scan Results in Visual Studio

The following is an example of scan results in Visual Studio showing SQL Injection vulnerability instances. A developer looks at the CxViewer Tree, and sees that the code contains 66 (!) instances of SQL Injection:


An SQL Injection vulnerability exists when user input is used in the syntax of an SQL query. Since those inputs could be interpreted as SQL syntax rather than user input, a user could manipulate the input in a way as to alter query logic, potentially bypassing security checks and modifying the database, including the execution of system commands and proceeds as follows:

  • Getting an overview of all 66 instances as illustrated below.

  • Focussing on the red-bordered element at the top of a large part of the graph. It looks like by securing that point in the code, most of the vulnerability instances get eliminated.

  • Zooming in on and clicking the red-bordered element, so as to see its code in the context as illustrated below. The developer can now secure the code.