New Information on SQL Injection Attacks
I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting Unverified User Data Input), to which we added some additional information. This is especially important because we published not "only" guidance but tools as well:
- Detection – HP Scrawlr (a free scanner from HP)
- Defense – UrlScan version 3.0 Beta
- Identifying – Microsoft Source Code Analyzer for SQL Injection
These are definitely tools worth looking at if you are running public applications.
Roger