NeoShield Security logo NeoShield Security Quantum X

// sample report

PHP Code Security Review — Sample Report

This is a sample report — an illustrative example for evaluation only. It does not describe any specific customer or system.

Example scenario

A developer pastes a controller snippet for a defensive review before merging.

Executive summary

Two issues were identified: a query built with string concatenation (SQL injection risk) and unescaped output rendered into HTML (XSS risk). Both have well-understood, low-effort fixes: parameterised queries and output escaping.

Findings

IDFindingSeverityMapping
CR-01 SQL built by string concatenation High OWASP A03:2021 · CWE-89 · NIST SI-10
CR-02 Unescaped output to HTML Medium OWASP A03:2021 · CWE-79 · NIST SI-10

Details

CR-01 · SQL built by string concatenation

High

Evidence. User input is concatenated directly into a SQL statement instead of using a bound parameter.

Risk. An attacker could alter the query to read or modify unintended data.

Defensive countermeasure. Use prepared statements with bound parameters for every query that includes input.

OWASP A03:2021 · CWE-89 · NIST SI-10

CR-02 · Unescaped output to HTML

Medium

Evidence. A request value is echoed into the page without htmlspecialchars().

Risk. Reflected cross-site scripting if the value contains markup.

Defensive countermeasure. Escape all dynamic output on the way out (htmlspecialchars with ENT_QUOTES) and add a CSP.

OWASP A03:2021 · CWE-79 · NIST SI-10

Related NeoShield tool

Open AI Code Reviewer →

Defensive use only. This platform is for defensive and authorized security work only. Do not scan, test, or analyze systems you do not own or have explicit permission to assess. Sample reports never include offensive exploit steps.