We have been using Optim Development Studio to automatically generate RESTful web services based on SQL script files. The web services get deployed to WebSphere App Server, which uses a JDBC driver to connect to DB2.
When we run Rational AppScan directly against the deployed web services, we are being informed that high risk security exposures exist in the generated web services. The exposure is known as SQL injection risk. This is a major risk that places the database at risk of having information manipulated or retrieved.
How can we continue to leverage the power of ODS and at the same time achieve a secure web service?
Does the code generation within ODS perform any SQL injection inspection?
Hope somebody from ODS is paying close attention to this forum.
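As an added illustration (not code generated by ODS and not from the original post), the contrast a scanner such as AppScan is reacting to: SQL text built by string concatenation versus a JDBC PreparedStatement that binds the value, plus an allow-list for the one place (an ORDER BY column) that a bind parameter cannot cover. The CUSTOMER table, its columns and the class name are constructed assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class CustomerLookup {

    // Constructed example schema: CUSTOMER(ID, NAME, EMAIL); not an ODS artifact.
    private static final Set<String> SORTABLE = Set.of("ID", "NAME", "EMAIL");

    // Vulnerable pattern a scanner flags as SQL injection: the request value is
    // spliced into the SQL text, so DB2 parses user input as part of the statement.
    static String buildQueryUnsafe(String name) {
        return "SELECT ID, NAME, EMAIL FROM CUSTOMER WHERE NAME = '" + name + "'";
    }

    // Hardened pattern: fixed SQL text with a '?' placeholder; the value is sent
    // through the JDBC driver as a typed bind parameter and is never parsed as SQL.
    static List<String> findEmailsByName(Connection conn, String name, String sortBy)
            throws SQLException {
        String sql = "SELECT ID, NAME, EMAIL FROM CUSTOMER WHERE NAME = ? ORDER BY "
                + sortColumn(sortBy);
        List<String> emails = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);               // bound, not concatenated
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    emails.add(rs.getString("EMAIL"));
                }
            }
        }
        return emails;
    }

    // Bind parameters cannot carry identifiers (e.g. the ORDER BY column), so
    // that input is matched against a fixed allow-list instead of being trusted.
    static String sortColumn(String requested) {
        String col = requested == null ? "ID" : requested.trim().toUpperCase();
        if (!SORTABLE.contains(col)) {
            throw new IllegalArgumentException("unsupported sort column: " + requested);
        }
        return col;
    }
}
```

Reviewing whether the generated service code follows the second pattern for every value taken from the request (query string, path, body) is the concrete check to run before trusting a scanner's clean result.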