Our security team is using Rational AppScan software for scanning applications for any kind of vulnerabilities and sensitive information that malicious users may be able to obtain. However, the result I get from the software is classified under three categories:
These vulnerabilities or categories point to line number 2, as follows:
Using connection As New SqlConnection(ConfigurationManager.ConnectionStrings("LocalSqlServer").ToString())
    Const queryString As String = "SELECT Name from Users where SAPID = @SAPID"
    Dim command As New SqlCommand(queryString, connection)
    Dim parUsername As New SqlParameter("@SAPID", SqlDbType.VarChar, 20)
    parUsername.Value = TextBox1.Text
    command.Parameters.Add(parUsername) ' Attach the parameter so @SAPID is bound as a value, not spliced into the SQL text
    connection.Open()
    Using reader As SqlDataReader = command.ExecuteReader(CommandBehavior.CloseConnection)
        ' Call Read before accessing data.
        If reader.HasRows AndAlso reader.Read() Then
            Label1.Text = reader("Name")
        End If
    End Using
End Using
The connection string in the web.config file is encrypted using RSA with a Machine-Level Key Container.
The connection string before it is encrypted is as follows:
Can someone tell me why the SQL statement above is vulnerable?
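An added illustration, not part of the original post or of the poster's application, of why a parameterized query is the form a scanner should accept: with a bound parameter the database engine receives the user's input as a value and never parses it as SQL, whereas splicing the input into the statement text lets a stray quote change the statement's grammar. The example uses Python with the standard-library sqlite3 module rather than VB.NET and System.Data.SqlClient (the binding principle is the same in both), and the Users table, its two rows and the SAPID values are constructed sample data.

```python
import sqlite3

# Constructed sample rows; the original post shows no data.
SAMPLE_USERS = [("1001", "Alice"), ("1002", "Bob")]


def make_db():
    """Build an in-memory table shaped like the Users table in the post (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (SAPID TEXT, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(conn, sapid):
    """Unsafe form: the input is spliced into the SQL text.

    Any quote character in the input becomes part of the statement's grammar.
    Returns None when the resulting statement is no longer valid SQL.
    """
    sql = "SELECT Name FROM Users WHERE SAPID = '" + sapid + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError:
        return None  # the input altered the statement itself


def lookup_parameterized(conn, sapid):
    """Safe form, equivalent to the @SAPID parameter in the post.

    The input travels to the engine as a bound value; it cannot change the
    statement, so a quote in it is simply a character that matches no row.
    """
    rows = conn.execute("SELECT Name FROM Users WHERE SAPID = ?", (sapid,))
    return [row[0] for row in rows]


def compare(sapid):
    """Run both lookups on the same input and report the results side by side."""
    conn = make_db()
    try:
        return {
            "concatenated": lookup_concatenated(conn, sapid),
            "parameterized": lookup_parameterized(conn, sapid),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("1001"))   # both forms find Alice
    print(compare("1001'"))  # concatenated form breaks; parameterized form just finds nothing
```

A static scanner typically reports the flow from `TextBox1.Text` into a `SqlCommand` regardless of how the command is built; the check a reviewer can do by hand is the one above: confirm the input reaches the command only through a `SqlParameter` that is actually added to `command.Parameters`, so that a quote in the input behaves like the second call here rather than the first.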