We used VCG 1.6.1.0 to scan some code that we inherited to look for security vulnerabilities and were mostly satisfied with the results. After doing manual scans of the code, we realized that it was not catching any of the SQL Injections on queries that were done through Java's EntityManager.
Is there any reason it cannot do this?
Thanks,
Pat
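As an added illustration (not VCG's own rule, and not code from the thread), here is a minimal line-based check of the kind a grep-style scanner could apply to EntityManager calls. It runs over a constructed Java sample and flags createQuery/createNativeQuery calls whose query string is built by concatenation or String.format, while leaving parameterised and named queries alone:

```python
import re

# Constructed Java sample (not from the original thread) covering the
# cases a scanner should and should not flag.
SAMPLE_JAVA = """
public List<User> findByName(EntityManager em, String name) {
    // vulnerable: user input concatenated into the JPQL string
    return em.createQuery("SELECT u FROM User u WHERE u.name = '" + name + "'").getResultList();
}
public List<User> findByNameSafe(EntityManager em, String name) {
    // safe: value bound with setParameter
    return em.createQuery("SELECT u FROM User u WHERE u.name = :n").setParameter("n", name).getResultList();
}
public List findNative(EntityManager em, String id) {
    // vulnerable: String.format into a native SQL query
    return em.createNativeQuery(String.format("SELECT * FROM users WHERE id = %s", id)).getResultList();
}
public List findNamed(EntityManager em) {
    // safe: createNamedQuery takes a query name, not a query string
    return em.createNamedQuery("User.findAll").getResultList();
}
"""

# EntityManager methods that accept a query string.
QUERY_CALL = re.compile(r'\.(createQuery|createNativeQuery)\s*\(')
# Signs that the string is assembled at runtime rather than a literal.
DYNAMIC = re.compile(r'"\s*\+|\+\s*"|String\.format\s*\(|StringBuilder|\.concat\s*\(')


def find_dynamic_queries(source: str):
    """Return (line_no, line) for query calls whose JPQL/SQL is built dynamically.

    Caveat: this is a single-line heuristic, like a grep rule. A query string
    concatenated into a variable on an earlier line and passed in by name is
    not detected; that needs data-flow tracking rather than pattern matching.
    """
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if QUERY_CALL.search(line) and DYNAMIC.search(line):
            hits.append((no, line.strip()))
    return hits


if __name__ == "__main__":
    for no, line in find_dynamic_queries(SAMPLE_JAVA):
        print(f"line {no}: {line}")
```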
Hi Pat
I'll take a look at implementing a check for this in the next release.
Nick
That would be great!