we have incorporated the recommended solutions in the application , but still in the scan reporting the issue
One way is use some type of indirection to avoid users manipulate directly the value of ID´s fields. For example, instead of this:
String idField = request.getParameter("idField");
Try to implement something like this:
String fakeId = request.getParameter("idField");
String realId = decodeFakeId(fakeId);
Where decodeFakeId(...) looks for the fakeId as akey in a dictionary, ArayList or something lie that and returns the linked value.
Hope this be useful.