Harsh Mehta

icon location Cyber security enthusiast

Results 4 comments of Harsh Mehta

SQL Injection flagged when concatenating strings

Please check this example: https://github.com/1n40/bandit/blob/master/examples/sql_statements-py36.py According to this example, concatenation is a bad practice and the query should not be concatenated.

SQL Injection flagged when concatenating strings

In the above mentioned example, at line number 21, under "Bad" formats, there is this line: `cur.execute("SELECT * FROM foo WHERE id = '" + identifier + "'")` This might...

Add a section for checking if the web application properly hashes passwords before storing them in the backend.

Yes I totally agree to @pinkLagoon. If the organization faces a data breach or even an insider threat scenario, the hashed passwords would be a second layer of security which...

New display modes: overlay file format, metadata, and strings

@mr-tz I have sent the proposal for this on the mail, can you review it once? Thanks!