Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Anything that can be done to make it easier to build more secure applications has to be a good thing. I spotted that yesterday we announced three new tools to help protect and identify potential SQL injection issues with ASP.NET and classic ASP applications.
- HP Scrawlr
- A black-box analysis tool that can be pointed at a site which is then scanned for potential SQL injection vulnerabilities by building a site map and sending HTTP requests with attack strings then examining the responses for messages that might indicate a vulnerability
- UrlScan version 3.0 Beta
- A request "filtering" tool for IIS that can block specific types of requests so they will never be processed
- Microsoft Source Code Analyzer for SQL Injection
- Scans your classic ASP source to find code susceptible to SQL injection attack
More details on all of these can be found in Microsoft Security Advisory (954462) - Rise in SQL Injection Attacks Exploiting Unverified User Data Input.
Technorati Tags: security,iis,asp.net,sql injection
Comments
Anonymous
June 25, 2008
The comment has been removedAnonymous
June 26, 2008
Why, oh why does this site crash Firefox 3? ;)Anonymous
June 26, 2008
Which site Ray? It all works fine for me. MikeAnonymous
June 30, 2008
Ha! I was just going to complain that this site crashes firefox 3 but see someone beat me to it... is this a cunning MS ploy now to force us to read your blogs in IE ;0)Anonymous
June 30, 2008
I'm posting this comment from Firefox 3 - it's working fine for me. Can you give me some more details? Does it happen with other MSDN blogs? Thanks, Mike.