
Fix Vulnerabilities

Now that you have scanned your codebase and identified some vulnerabilities, you need to validate those results and mitigate any genuine risk. Start by reviewing each vulnerability in the Vulnerability List individually; selecting a vulnerability highlights the vulnerable portion of the code in the file viewer panel.

Sometimes CodeScan registers false positives, often because your sanitizing functions were not identified correctly at the start of the scan process. If this happens in your scan, go back to Step 2, Scan Your Project, and follow the Custom Filters section so that the scanner recognises those functions.

The CodeScan Vulnerability Help file contains information about which sensitive characters should be sanitized for particular vulnerabilities, as well as links to OWASP and CWE definitions where appropriate. This help file is a good starting point for finding out what steps need to be taken to secure your application.

CodeScan Labs, the research arm of CodeScan, has a number of articles and tutorials aimed at developers who are new to Web Application Security. The content covers common vulnerabilities such as SQL Injection and Cross-Site Scripting, and is constantly being expanded with new articles from our researchers.

Once you have added sanitizers to all user input and registered the sanitizing function in the Custom Filters section, rescan your project to check that you have caught everything, and validate that your sanitizers are effective against a wide variety of attack strings.
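The last step above, checking that a sanitizer actually holds up against a range of attack strings rather than just the one the scanner showed you, is easy to automate. The block below is an added example, not CodeScan's code and not tied to its Custom Filters feature: it pairs a weak sanitizer that only strips the literal `<script>` tag with a proper HTML output encoder, runs both over a small set of constructed probe strings, and shows the parameterized-query approach for the SQL Injection case. All function names, the probe strings and the in-memory table are assumptions made for illustration.

```python
import html
import re
import sqlite3

# Constructed probe strings (not taken from the page) that exercise an HTML-context sanitizer.
# They deliberately vary case, context (text node vs. quoted attribute) and tag type.
XSS_PROBES = [
    "<script>alert(1)</script>",
    "\"><img src=x onerror=alert(1)>",
    "<svg/onload=alert(1)>",
    "<SCRIPT>alert(1)</SCRIPT>",
    "' onmouseover='alert(1)",
]

# Characters that an HTML text node or quoted attribute treats as markup; a correctly
# encoded value must contain none of them (entities such as &lt; are fine).
HTML_MARKUP_CHARS = re.compile(r'[<>"\']')


def weak_strip_script(value: str) -> str:
    """Deliberately weak sanitizer: removes only a lowercase <script> tag pair."""
    return value.replace("<script>", "").replace("</script>", "")


def sanitize_for_html(value: str) -> str:
    """Encode user-controlled text for insertion into HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


def surviving_probes(sanitizer, probes):
    """Return the probes whose sanitized form still contains raw HTML markup characters."""
    return [p for p in probes if HTML_MARKUP_CHARS.search(sanitizer(p))]


# Allowlist validation for a field with a known shape (hypothetical username rule).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username(value: str) -> bool:
    """Accept only the characters the field legitimately needs; reject everything else."""
    return USERNAME_RE.fullmatch(value) is not None


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the SQL example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_user(conn: sqlite3.Connection, username: str):
    """Parameterized query: the driver binds the value, so it is never parsed as SQL."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchall()


if __name__ == "__main__":
    print("weak sanitizer leaks:", surviving_probes(weak_strip_script, XSS_PROBES))
    print("html.escape leaks:", surviving_probes(sanitize_for_html, XSS_PROBES))
    print("username ok:", validate_username("alice_01"), validate_username("alice<script>"))
    conn = make_demo_db()
    print("lookup alice:", lookup_user(conn, "alice"))
    print("lookup probe:", lookup_user(conn, "' OR '1'='1"))
```

Running the script shows four of the five probes passing straight through the weak sanitizer and none passing through the encoder; the SQL probe returns no rows because the bound parameter is compared as a plain string. When you register your own sanitizer in Custom Filters, a check like `surviving_probes` in your test suite is what keeps a future edit to that function from silently reopening the hole.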