This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
2
Semgrep CSS vs Brakeman SQLI: which is right?
Post Flair (click to view more posts with a particular flair)
Post Body
Ran Semgrep and Brakeman against Railsgoat. Both found the same vulnerability but classified it differently.
- Semgrep saw it as CWE-79: Cross Site Scripting
- Brakeman saw it as CWE-89: SQL Injection
Which is right?
EDIT: InB4 XSS
Author
Account Strength
100%
Account Age
16 years
Verified Email
Yes
Verified Flair
No
Total Karma
13,006
Link Karma
11,595
Comment Karma
1,381
Profile updated: 6 days ago
Subreddit
Post Details
We try to extract some basic information from the post title. This is not
always successful or accurate, please use your best judgement and compare
these values to the post title and body for confirmation.
- Posted
- 1 year ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/AskNetsec/c...