Albert_252822
Apr 20, 2016Nimbostratus
Adding parameters to a vulnerability
Hi all,
What do you think is the best method to add different parameters to a known vulnerability.
The scenario is that my vulnerability scanner detects an SQL Injection on the paramter "user" (http://site.com/login.php?user=joe) and I import that result scan to the ASM. On the other hand, I know that the parameter "id" also is vulnerable to SQLi (http://site.com/login.php?id=2) but it wasn't detected by the vulnerability scanner. How could I add the parameter "id" to be protected against SQLi in the same policy?
Thanks in advance.