Securing Against SQL Injection

Anything that can be done to make it easier to build more secure applications has to be a good thing. I spotted that yesterday we announced three new tools to help protect against and identify potential SQL injection issues in ASP.NET and classic ASP applications.

  • HP Scrawlr
    • A black-box analysis tool that can be pointed at a site, which it then scans for potential SQL injection vulnerabilities by building a site map, sending HTTP requests with attack strings, and examining the responses for messages that might indicate a vulnerability
  • UrlScan version 3.0 Beta
    • A request "filtering" tool for IIS that can block specific types of requests so they will never be processed
  • Microsoft Source Code Analyzer for SQL Injection
    • Scans your classic ASP source to find code susceptible to SQL injection attacks

More details on all of these can be found in Microsoft Security Advisory (954462) - Rise in SQL Injection Attacks Exploiting Unverified User Data Input.
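
To make the source-scanning idea concrete, here is an added example (not from the original post, and not how Microsoft's analyzer works internally): a simplified line-based taint heuristic that flags classic ASP code where request data reaches a query call. The ASP sample, the `find_sqli` and `is_tainted` names, and the source/sink patterns are all assumptions made for illustration.

```python
import re

# Constructed classic ASP (VBScript) sample: one concatenated query, one parameterized.
SAMPLE_ASP = '''\
<%
id = Request.QueryString("id")
sql = "SELECT * FROM Products WHERE id = " & id
Set rs = conn.Execute(sql)
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = conn
cmd.CommandText = "SELECT * FROM Products WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , Request.Form("id"))
Set rs2 = cmd.Execute
%>
'''

SOURCE = re.compile(r'\bRequest\s*(\.\s*(QueryString|Form|Cookies))?\s*\(', re.I)
ASSIGN = re.compile(r'^\s*(?:Set\s+)?([A-Za-z_][\w.]*)\s*=\s*(.+)$', re.I)
SINK = re.compile(r'\.(?:Execute|Open)\b\s*\(?\s*(.*)$', re.I)
STRING = re.compile(r'"(?:[^"]|"")*"')

def is_tainted(expr, tainted):
    """True if expr uses request data directly or through a tainted variable."""
    code = STRING.sub('""', expr)  # ignore words inside string literals
    if SOURCE.search(code):
        return True
    names = {n.lower() for n in re.findall(r'[A-Za-z_]\w*', code)}
    return bool(names & tainted)

def find_sqli(asp_source):
    """Return (line_no, line) pairs where request data reaches a query sink."""
    tainted, findings = set(), []
    for no, line in enumerate(asp_source.splitlines(), 1):
        sink, assign = SINK.search(line), ASSIGN.match(line)
        if assign and assign.group(1).lower().endswith('.commandtext'):
            if is_tainted(assign.group(2), tainted):
                findings.append((no, line.strip()))
        elif sink:
            if is_tainted(sink.group(1), tainted):
                findings.append((no, line.strip()))
        elif assign:
            name = assign.group(1).lower()
            if is_tainted(assign.group(2), tainted):
                tainted.add(name)      # variable now carries request data
            else:
                tainted.discard(name)  # overwritten with a clean value
    return findings

print(find_sqli(SAMPLE_ASP))
```

Only the concatenated `conn.Execute(sql)` call is reported; the parameterized `ADODB.Command` query passes because the request value is bound as a parameter and never becomes part of the SQL text.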


Comments

  • Anonymous
    June 26, 2008
    Why, oh why does this site crash Firefox 3? ;)

  • Anonymous
    June 26, 2008
    Which site, Ray? It all works fine for me. Mike

  • Anonymous
    June 30, 2008
    Ha! I was just going to complain that this site crashes Firefox 3 but see someone beat me to it... is this a cunning MS ploy now to force us to read your blogs in IE ;0)

  • Anonymous
    June 30, 2008
    I'm posting this comment from Firefox 3 - it's working fine for me. Can you give me some more details? Does it happen with other MSDN blogs? Thanks, Mike.