Share via


SQL injection in classic ASP

In light of the recent wake of SQL injection attacks on ASP sites, I'd like to highlight some relevant resources for learning about and responding to the threat.

Bala Neerumalla has written a detailed document for preventing SQL injection in ASP (that is, classic ASP, not ASP.NET).

The Security Vulnerability Research & Defense blog has posted an analysis of the attack, along with guidance recommendations for IT/database admins, web developers, and end users.

Finally, Michael Howard recently wrote a post on the SDL blog on SQL injection defenses required by the SDL.