
Example of Scan Results in Visual Studio

The following is an example of scan results in Visual Studio showing SQL Injection vulnerability instances. A developer looks at the CxViewer tree and sees that the code contains 66 instances of SQL Injection:

VS_8.png

An SQL Injection vulnerability exists when user input is inserted into the text of an SQL query. Because the database parses the query text, input that contains SQL syntax is interpreted as part of the statement rather than as a plain value, so a user can craft input that alters the query logic, potentially bypassing security checks, reading or modifying the database and, depending on the database and its privileges, executing system commands. The developer proceeds as follows:

  • Getting an overview of all 66 instances as illustrated below.

    VS_9.png
  • Focusing on the red-bordered element at the top of a large part of the graph. Most of the flows pass through that single node, so securing that one point in the code should eliminate most of the vulnerability instances at once.

  • Zooming in on the red-bordered element and clicking it, to see its code in context as illustrated below. The developer can now secure the code.

    VS_10.png
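The following is an added worked example, not code from the page or from the scanned project, illustrating both the injection mechanism described above and why fixing the node at the top of the graph removes many instances at once. It assumes a hypothetical shared data-access helper (`query_users_by_name_*`) that several hypothetical entry points (`login_lookup`, `profile_view`, `admin_search`) all feed untrusted input into; the in-memory SQLite database and the payloads are constructed for the example. Each entry point is a separate scanner instance, but all of them flow through the one helper, so parameterizing that helper is the single fix that eliminates every instance.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the application's real one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user"), ("o'brien", "user")],
    )
    conn.commit()
    return conn


# Shared data-access helper (hypothetical name): the node at the top of the graph.
# Vulnerable form: the caller's string is spliced into the SQL text, so the
# database parses attacker-controlled characters as SQL syntax.
def query_users_by_name_vulnerable(conn, name):
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


# Fixed form: the SQL text is constant and the value travels as a bound
# parameter, so it can never change the structure of the statement.
def query_users_by_name_fixed(conn, name):
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Hypothetical entry points that each take untrusted input and funnel it into
# the shared helper. To the scanner each one is its own vulnerability instance.
def make_entry_points(helper):
    def login_lookup(conn, username):
        return helper(conn, username)

    def profile_view(conn, username):
        return helper(conn, username)

    def admin_search(conn, username):
        return helper(conn, username)

    return [login_lookup, profile_view, admin_search]


def count_rows_returned(helper, payload):
    """Run the payload through every entry point; rows returned per entry point."""
    conn = make_db()
    return [len(ep(conn, payload)) for ep in make_entry_points(helper)]


def lookup_without_error(helper, name):
    """True when a legitimate name round-trips without a database error."""
    conn = make_db()
    try:
        helper(conn, name)
        return True
    except sqlite3.OperationalError:
        return False


# Constructed test inputs: a classic tautology payload and a legitimate name
# containing an apostrophe.
TAUTOLOGY = "' OR '1'='1"
APOSTROPHE_NAME = "o'brien"

if __name__ == "__main__":
    print("vulnerable, tautology:", count_rows_returned(query_users_by_name_vulnerable, TAUTOLOGY))
    print("fixed,      tautology:", count_rows_returned(query_users_by_name_fixed, TAUTOLOGY))
    print("vulnerable, o'brien ok:", lookup_without_error(query_users_by_name_vulnerable, APOSTROPHE_NAME))
    print("fixed,      o'brien ok:", lookup_without_error(query_users_by_name_fixed, APOSTROPHE_NAME))
```

With the vulnerable helper, the tautology payload turns the statement into `WHERE name = '' OR '1'='1'` and every entry point returns the whole table; with the parameterized helper the same bytes are compared as a literal name and match nothing. The apostrophe case is the caveat worth checking after the fix: the concatenating version fails with a syntax error on a perfectly legitimate name, whereas the parameterized version finds the user, so the fix improves correctness as well as security. Note that `sqlite3` refuses to run more than one statement per `execute`, so stacked-query payloads do not behave here the way they can on other database engines; the point of the example is the structural change to the query, not any particular payload.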