Flags SC 111.1 and 111.2: Hardcoded Secret (10 pts.)
Click the "Possible hardcoded secret" issue. Codacy provides a brief, uninformative, and severely misleading analysis of this problem, as shown below.
Notice that Codacy says you can fix this problem in five minutes.
Examine this document:
NIST SP 800-57 Part 1 Rev. 5, Recommendation for Key Management: Part 1 – General
Read these sections:
Compromise of Keys and other Keying Material
Compromise Recovery
Flag SC 111.1 is covered by a green rectangle in the image below.
Examine this document:
Removing sensitive data from a repository
Read these sections:
Compromise of Keys and other Keying Material
Compromise Recovery
Flag SC 111.1 is covered by a green rectangle in the image below.
Flag SC 111.3: SQL Injection (10 pts)
Examine the SQL injection issues. Find the one that will allow an unauthorized user to authenticate without a password. The flag is the name of the file containing that vulnerable code.
Posted 3-3-24