I wanted to find the SQL statements in my application which were not written using PreparedStatement and which are therefore vulnerable to SQL injection attacks.
Is there any code scanner which can do this job?
These two tools do a number of security checks on Java code:
http://suif.stanford.edu/~livshits/work/lapse/download.html
http://jsecscanner.sourceforge.net/
The first one definitely checks for vulnerability to SQL injection. Not sure about the second, but even if it doesn’t, it will do other useful checks. Both are plugins to the Eclipse IDE.
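To show the core check such scanners perform, here is an added example that is not part of the question or the answer above and not code from LAPSE or jsecscanner: a small Python script that scans Java source for JDBC `execute`/`executeQuery`/`executeUpdate` calls whose SQL argument is anything other than a single constant string literal. The `SAMPLE_JAVA` class below is constructed for the demonstration; the names `UserDao`, `find`, `count` and `findSafe` are assumptions, not taken from any real project.

```python
import re
from dataclasses import dataclass

# Constructed Java sample (hypothetical class, not from the question):
# line 5 concatenates user input into the query, line 10 runs a constant
# query, and findSafe() binds its parameter through a PreparedStatement.
SAMPLE_JAVA = '''
public class UserDao {
    public User find(Connection c, String name) throws SQLException {
        Statement st = c.createStatement();
        ResultSet rs = st.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
        return map(rs);
    }
    public int count(Connection c) throws SQLException {
        Statement st = c.createStatement();
        ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM users");
        return rs.getInt(1);
    }
    public User findSafe(Connection c, String name) throws SQLException {
        PreparedStatement ps = c.prepareStatement("SELECT * FROM users WHERE name = ?");
        ps.setString(1, name);
        return map(ps.executeQuery());
    }
}
'''

# JDBC execution methods whose argument (if any) is the SQL text.
EXEC_CALL = re.compile(r"\.(execute(?:Query|Update|LargeUpdate)?)\s*\(")
# A single Java string literal, with escaped characters allowed inside it.
STRING_LITERAL = re.compile(r'^"(?:[^"\\]|\\.)*"$')


@dataclass
class Finding:
    line: int       # 1-based line of the call in the scanned source
    method: str     # execute / executeQuery / executeUpdate / executeLargeUpdate
    argument: str   # the SQL argument expression, whitespace-normalised


def _extract_argument(src: str, start: int) -> str:
    """Return the text between the '(' at src[start] and its matching ')',
    ignoring parentheses and quotes that occur inside string literals."""
    depth = 0
    in_str = False
    i = start
    while i < len(src):
        ch = src[i]
        if in_str:
            if ch == "\\":
                i += 1            # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
        i += 1
    return src[start + 1:]        # unbalanced input: return what we have


def is_dynamic_sql(argument: str) -> bool:
    """True when the SQL argument is not a single constant string literal.
    An empty argument means execute() on a PreparedStatement, whose
    parameters are bound separately, so it is not flagged."""
    arg = argument.strip()
    if arg == "":
        return False
    return STRING_LITERAL.match(arg) is None


def scan_java(src: str) -> list[Finding]:
    """Flag every JDBC execute call whose SQL text is built at run time."""
    findings = []
    for m in EXEC_CALL.finditer(src):
        paren = m.end() - 1       # index of the '(' that the pattern ended on
        arg = _extract_argument(src, paren)
        if is_dynamic_sql(arg):
            line = src.count("\n", 0, m.start()) + 1
            findings.append(Finding(line, m.group(1), " ".join(arg.split())))
    return findings


if __name__ == "__main__":
    for f in scan_java(SAMPLE_JAVA):
        print(f"line {f.line}: {f.method}({f.argument})")
```

The check is deliberately conservative: a query passed in a variable (`st.executeQuery(sql)`) or assembled with `String.format` is flagged just like inline concatenation, because the scanner cannot tell from the call site whether that text contains user input. Constant-only concatenation (`"SELECT " + "1"`) is therefore reported as well and has to be triaged by hand, which is the same trade-off the Eclipse plugins make between missed findings and noise. Running the script on the sample reports only line 5, the concatenated query in `find()`.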