Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting Unverified User Data Input) where we added some additional information. This is especially important as we did not "only" publish guidance but tools as well:
- Detection – HP Scrawlr (a free scanner from HP)
- Defense – UrlScan version 3.0 Beta
- Identifying – Microsoft Source Code Analyzer for SQL Injection
Definitely tools worth looking at if you are running public applications
Roger