Stamp out SQL Injections

Published 24 June 08 05:42 PM | rodtrent

Microsoft has released (or co-released) 3 new tools to help eliminate SQL injections:

UrlScan version 3.0 Beta, a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests.
Microsoft Source Code Analyzer for SQL Injection Community Technology Preview (June 2008), a tool that can be used to detect ASP code susceptible to SQL injection attacks.
Scrawlr, a free scanner, developed by HP Web Security Research Group in conjunction with Microsoft, which will allow customers to identify whether their Web sites might be susceptible to SQL injection.

Read more…

http://blogs.technet.com/msrc/archive/2008/06/24/rise-in-sql-injection-attacks-exploiting-unverified-user-data-input.aspx

Get the tools…

http://www.microsoft.com/technet/security/advisory/954462.mspx

Filed under: Internet, Security, SQL Server

Comments

No Comments

Search

Go

This Blog

Home

Tags

Navigation

Archives

News

Ni Hao! Wo shi Rod.

The Bruce Campbell Fan Store

Community

Things I've done

myITforum.com

Things I do

Blog Roll

Syndication

RSS
Atom