Shibboleth Scan Findings from OWASP Scan Tool

Cantor, Scott cantor.2 at
Wed Nov 24 15:14:29 UTC 2021

The former is a given; the XML code we use is long moribund and riddled with these sorts of bugs. That's why all this code is headed for the trash heap and being replaced with Java.

I have no idea what on earth it thinks the code is doing that makes it think there's a SQL call. I don't trust automated tools and I would imagine it's just making up things out of heuristics.

-- Scott

