0


I have a report generated by the IBM appscanner tool. It scanned my MVC application, and on some URLs it gave me high alerts.
I'm trying to figure out how to perform parameter manipulation on my page, like the above information provided in the report, to find the issue.
Example of the link on which the above report is based: localhost:46887/Myproject/country/edit/1

1
  • 1
    Doing SQL string concatenation, are we? :) Make sure to parameterize your query to avoid this. Commented May 14, 2015 at 7:24

1 Answer

1

As a rule of thumb: Always cast the values (provided through Request) to the concrete type which you are using in the application logic. If you are using an ORM/ODM to access the data storage, you receive built-in SQL injection protection :). This tool may be examining only the query string and just assuming that injection is possible.


1 Comment

Yes, I figured out the same. The query string value was being manipulated, and I'm using LINQ and EF, so it is automatically protected against SQL injection.
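
An added example, not part of the original question or answers, showing how to check a scanner finding like this one: the same manipulated `id` segment is sent through a string-concatenated query and through a typed, parameterized one. Python and `sqlite3` stand in for the MVC/EF stack here; the `country` table, its rows and every function name are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the application's country table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE country (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO country VALUES (?, ?)",
                   [(1, "Austria"), (2, "Belgium"), (3, "Chile")])
    return db

def parse_id(raw):
    """Cast the route segment (.../country/edit/<raw>) to the concrete type
    the logic expects. Returns None unless it is a plain positive integer."""
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        return None
    value = int(raw)
    return value if value > 0 else None

def edit_concatenated(db, raw):
    """'Before' form: the raw segment becomes part of the SQL text."""
    sql = "SELECT id, name FROM country WHERE id = " + raw
    return db.execute(sql).fetchall()

def edit_parameterized(db, raw):
    """Hardened form: typed value, bound as a parameter, never SQL text."""
    country_id = parse_id(raw)
    if country_id is None:
        return None  # the caller would answer 400/404 here
    sql = "SELECT id, name FROM country WHERE id = ?"
    return db.execute(sql, (country_id,)).fetchall()

def compare(raw):
    """Return (rows from the concatenated query, rows from the hardened one)."""
    db = make_db()
    try:
        unsafe = len(edit_concatenated(db, raw))
    except sqlite3.Error:
        unsafe = "sql error"  # input reached the SQL parser
    safe = edit_parameterized(db, raw)
    return unsafe, (None if safe is None else len(safe))

if __name__ == "__main__":
    # Constructed values of the kind a scanner substitutes for the id.
    for raw in ["1", "1 OR 1=1", "1'", "abc"]:
        print(repr(raw), compare(raw))
```

A finding is a true positive when the manipulated value changes the row count or produces a database error, as in the first column; if the value is rejected before any query runs, as in the second, the scanner was only reacting to the query string.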
