Questions tagged [veracode]

Veracode provides automated static and dynamic application security testing software and remediation services

321 questions
0 votes, 1 answer

Untrusted Initialization - VeraCode Scan Issue

I am getting one High Veracode scan issue in the code below. What changes do I need to make to resolve it? private OleDbConnection importFileConnection; private OleDbConnection ImportFileConnection { get { if (importFileConnection == null) {…
Rohit Sharma
0 votes, 0 answers

How do you guard UrlHelper.Action from XSS?

We have an ASP.NET MVC site that uses UrlHelper.Action to generate URLs that are sent to the client. We have scanned our application using the Veracode security platform. It has identified a problem: Improper Neutralization of Script-Related HTML Tags…
Craig Celeste
0 votes, 0 answers

Parameterized query not resolving SQL injection flaws

I have the following piece of code, in which I have used a parameterized query, as I read somewhere that this avoids SQL injection. But after making this change, I am still getting the SQL injection flaw. StrCmd = "select TdsSubCode from Rate…
Bordan
0 votes, 1 answer

Using .html() in MVC to display dialog gives XSS error in Veracode

A system we developed was run through Veracode for security flaws. It highlighted an "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" item on a JavaScript function that pops up a view in a modal dialog. The view has no…
Seamus Barrett
0 votes, 1 answer

Alternative to System.exit(1) in Java to pass Veracode scan

J2EE Bad Practices: Use of System.exit(). The Veracode scan is showing the above security flaw. Veracode is pointing to the places where System.exit is used outside the main() method. The purpose of the System.exit(1) is to exit the system if the connection is…
Spring
0 votes, 2 answers

How to solve a Trust Boundary Violation result from a Veracode scan?

I am getting a violation for the line below: request.getSession().setAttribute(Constants.DATA_LIST,dataList); where dataList is ArrayList dataList=(ArrayList)request.getSession().getAttribute(Constants.DATA_TRANSFER_OBJECT); and Constants.DATA_LIST…
0 votes, 1 answer

How can I allow user controlled CSS without introducing XSS?

I have an application where I can customize HTML templates depending on the requirements of the client. It has a provision for including CSS style scripts when creating a template, which would be injected at the end when generating the template. By this way,…
Manoj
0 votes, 1 answer

Cannot fix cross-site scripting error

I have done everything I could with the code to fix it, but Veracode still gives an error for the following code: Byte[] bytes = (Byte[])dt.Rows[i]["Content"]; Response.Buffer =…
gene
0 votes, 1 answer

Veracode scan: How can I "unpropose" 100+ flaws?

I've submitted several proposals for flaws, but I wasn't aware that the Veracode web UI keeps them in "memory" until I commit them. So what happened is that I now have 100+ flaws which contain 7 proposals (the first one is the one for the flaw…
Aaron Digulla
0 votes, 1 answer

How to fix a Veracode warning: "Use of Wrong Operator in String Comparison (CWE ID 597)"

Following a Veracode static scan, there is a warning of "Use of Wrong Operator in String Comparison (CWE ID 597)" for the following code: if (uid != null && uid != "") { // LOG.info("Inside deleteUser of Active directory"); //…
gopi
0 votes, 2 answers

Veracode reports ServiceStack OrmLite with Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE ID 89)

Ok, so I am using ServiceStack OrmLite for my data needs in my Web API. When I submitted my code to Veracode for code security scanning and verification, the result report showed that OrmLite shows a potential SQL injection attack…
Mr. Young
0 votes, 1 answer

XSS remediation - Improper Neutralization of Script-Related HTML Tags

I'm trying to fix some XSS errors with my code. #getEmailRecord is the line that contains the problem. How do I fix a piece of code like this? The error: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Veracode…
Craig24
0 votes, 1 answer

How to compare FxCop warnings against Veracode results

I have to make a choice between Veracode and FxCop for application security testing. Obviously Veracode comes with a price and FxCop is free. But to know the efficiency of FxCop, I must compare my results with the free analysis result provided by…
Soumya Das
0 votes, 2 answers

Alternate way of loading a resource other than getClass().getResourceAsStream() or Resources.Open("") in LWUIT (J2ME)

We've just gotten feedback on the security of the J2ME app we delivered, and it seems that Veracode is taking getClass().getResourceAsStream(), called in Resources.Open("/res/resfile.res") as a security…
Pat
0 votes, 1 answer

How can I fix Improper Neutralization of Script-Related HTML Tags in a Web Page?

We recently ran Veracode and it failed the following method: static public void WriteTargetAttribute(HtmlTextWriter writer, string targetValue) { if ((writer != null) && (!String.IsNullOrEmpty(targetValue))) { if…
piterskiy