Last post Apr 11, 2018 12:42 PM by Titto Thomas
Apr 10, 2018 09:30 PM|radhiy|LINK
Apr 11, 2018 06:15 AM|Brando ZWZ|LINK
According to your description, I suggest you could follow below steps to protect from injection attacks in ASP.NET.
More details, you could refer to below article.
Apr 11, 2018 12:42 PM|Titto Thomas|LINK
The basic reason for all these 3 vulnerabilities is lack of input validation. White-listing of user input is the basic fix for all the three. Regular Expressions are very helpful in this.
Otherwise, avoid passing user input directly to the function calls, if possible. Use indexes instead of supplying original user input to server side functions.
(please manually confirm the Zap scan result to filter out False Positives )