Big news! The community will be moving to a new platform April 21. Read more.
Lieutenant Commander

How to trigger warnings for these? SQL injection, stack trace, and hard-coded passwords


Does anyone know whether any of these can trigger a warning in Fortify on Demand? I'm trying to figure out which tool is better for me to use; these are just simple code snippets that I found helpful for a quick test.

1) SQL injection

dbConnection = Utilities.getDBConnection();
sqlStatement = dbConnection.createStatement();
// 'data' is concatenated straight into the SQL text (the pattern under test)
String query = "insert into users (status) values ('updated') where name='" + data + "'";
Boolean result = sqlStatement.execute(query);

2) StackTrace

} catch (Exception e) {



3) Hard-coded constants for DB connection

return DriverManager.getConnection("jdbc:mysql://localhost/dbName", MYSQL_USERNAME, MYSQL_PASSWORD);
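
An added example, not part of the original post and not code from Fortify or the poster: hardened counterparts of the three snippets above, usable as negative controls when comparing scanners, since a tool that flags the originals should stay quiet on these. The class name, method names and the `DB_URL`, `DB_USER` and `DB_PASSWORD` environment variables are hypothetical, and it assumes the elided catch block in snippet 2 exposed the stack trace.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hardened counterparts of the three test snippets. All names are hypothetical.
public class HardenedControls {
    private static final Logger LOG = Logger.getLogger(HardenedControls.class.getName());

    // 3) Credentials come from the environment, not from constants in source.
    // DB_URL, DB_USER and DB_PASSWORD are assumed variable names.
    static Connection getDBConnection() throws SQLException {
        String url = System.getenv("DB_URL");
        String user = System.getenv("DB_USER");
        String password = System.getenv("DB_PASSWORD");
        if (url == null || user == null || password == null) {
            throw new SQLException("database settings are not configured");
        }
        return DriverManager.getConnection(url, user, password);
    }

    // 1) The untrusted value is bound as a parameter, so it cannot change the
    // statement's structure. UPDATE is used because INSERT takes no WHERE clause.
    static int markUpdated(Connection db, String data) throws SQLException {
        String sql = "update users set status = 'updated' where name = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, data);
            return ps.executeUpdate();
        }
    }

    // 2) The exception goes to the server-side log; the caller gets a generic message.
    static String handleRequest(String data) {
        try (Connection db = getDBConnection()) {
            return "rows updated: " + markUpdated(db, data);
        } catch (SQLException e) {
            LOG.log(Level.SEVERE, "user status update failed", e);
            return "The request could not be completed.";
        }
    }

    public static void main(String[] args) {
        // Without the environment variables set, this takes the error path.
        System.out.println(handleRequest(args.length > 0 ? args[0] : "alice"));
    }
}
```

Scanning this file alongside the original snippets gives a quick read on both detection and false-positive behaviour for each tool.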



12 Replies
Micro Focus Expert

Thank you for your email. For others "following this post", I wanted to mention the Training Partner Program Micro Focus offers - .

  • No fee is required to be part of the program once your eligibility has been confirmed.
  • Access to the full online On-demand Training Library to help train your staff.
  • Ability to use Micro Focus course materials for staff development.
  • Access to the benefits of the PartnerNet Program – see
  • Ability to use all or parts of any existing course provided within the curriculum.
  • Ability to create new courses using parts of the material provided.
  • Ability to print your own manuals or purchase printed manuals at special reduced pricing.
  • Provision of Virtual Machines with pre-configured software environments and Micro Focus licenses to allow you to build your own as the need arises.
  • The ability to become a Testing Partner.
  • Access to the additional resources available to Training Partners.
  • Automatic membership in the TTP academic support community –
  • Become part of the growing community of academics teaching industry recognized materials to its staff and students.