If you're doing ASP.NET development, then you need to check these tools out. According to this security bulletin, there has been a recent rise in SQL injection attacks exploiting vulnerabilities in sites that do not follow best practice.
So here's what you need to do:
- Understand recent trends in SQL injection
- Check out the guidance from the SDL blog on SQL-injection defense techniques and also on MSDN
- Use two new tools from Microsoft to a) analyse your code and b) filter suspicious requests
- Also check out Scrawlr from the HP Security Laboratory, in conjunction with Microsoft (I like the cartoon on that page!)
There's a forum for MSCASI at https://forums.microsoft.com/msdn/ShowForum.aspx?ForumID=92&SiteID=1
In short, if you're doing ASP.NET development, check your code and make sure you:
- Use SQL Parameterized Queries
- Use Stored Procedures
- Use SQL Execute-only Permission
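
The three checks above, shown together in ADO.NET as an added example (not code from the original post or from Microsoft's guidance): a concatenated query beside its parameterized stored-procedure form. The names `ProductData`, `dbo.Products`, `dbo.FindProductByName` and `WebAppUser` are hypothetical.

```csharp
using System.Data;
using System.Data.SqlClient;

// Assumed database setup (hypothetical names), run once by a DBA:
//   CREATE PROCEDURE dbo.FindProductByName @Name nvarchar(100) AS
//       SELECT Id, Name FROM dbo.Products WHERE Name = @Name;
//   GRANT EXECUTE ON dbo.FindProductByName TO WebAppUser;
// WebAppUser gets no SELECT/INSERT/UPDATE/DELETE on the tables themselves.
public static class ProductData
{
    // BEFORE (vulnerable): user input is concatenated into the SQL text,
    // so the server parses it as part of the statement.
    public static DataTable FindUnsafe(string connStr, string name)
    {
        string sql = "SELECT Id, Name FROM dbo.Products WHERE Name = '" + name + "'";
        using (var conn = new SqlConnection(connStr))
        using (var adapter = new SqlDataAdapter(sql, conn))
        {
            var table = new DataTable();
            adapter.Fill(table); // Fill opens and closes the connection
            return table;
        }
    }

    // AFTER: stored procedure called with a typed, length-bounded parameter.
    // The value travels separately from the statement and is never parsed as SQL.
    public static DataTable FindSafe(string connStr, string name)
    {
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand("dbo.FindProductByName", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            using (var adapter = new SqlDataAdapter(cmd))
            {
                var table = new DataTable();
                adapter.Fill(table);
                return table;
            }
        }
    }
}
```

A stored procedure only helps if its body uses the parameter directly; one that builds a SQL string by concatenation and executes it is still injectable.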