Ramblings of a DBA

Tara Kizer
posts - 166, comments - 837, trackbacks - 75

My Links



Search this Blog


Post Categories


Security Tools to help customers with SQL injection attacks

Microsoft has released three security tools to help customers with SQL injection attacks. 

The tools are:

  • UrlScan version 3.0 Beta, a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests.
  • Microsoft Source Code Analyzer for SQL Injection Community Technology Preview (June 2008), a tool that can be used to detect ASP code susceptible to SQL injection attacks.
  • Scrawlr, a free scanner, developed by HP Web Security Research Group in conjunction with Microsoft, which will allow customers to identify whether their Web sites might be susceptible to SQL injection.

See this for details.

Print | posted on Tuesday, June 24, 2008 1:53 PM |



# re: Security Tools to help customers with SQL injection attacks

Hi Tara,

As blogged about URLscan 3 beta I am after a bit of advice for the SQL specifics tweaking for this tool. The MS IIS Team do not have enough knowledge on the SQL for it to be effective in the real world and I am trying to help them improve it.

More details in this thread.



7/11/2008 9:46 AM | Rovastar
Comments have been closed on this topic.

Powered by:
Powered By Subtext Powered By ASP.NET