SQL Injection Detection and Defense

Posted on

  • email
  • twitter
  • facebook
  • share this

share this

Microsoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.Net technologies. The tools include URLScan 3.0 (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community Technology Preview.

Hewlett Packard has also developed a free scanner which can identify whether sites are susceptible to SQL injection dubbed Scrawlr.

Developed to help battle recent SQL injection attacks as per a Microsoft Security Advisory bulletin, the tools are intended to help developers build more secure code and promote a more trusted ecosystem, Microsoft said.

There has been a recent rise in SQL injection attacks exploiting unverified user data input. When these attacks are successful, a hacker/ attacker can compromise data stored in databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded to malicious sites that may install malware on the client machine.
Filed under: , ,

Login To Comment

Become a Member

Not already a part of our community? Sign up to participate in the discussion. It's free and quick.

Sign Up

Be the first to comment on this article

999 E Touhy Ave
Des Plaines, IL 60018

Toll Free: 1.800.817.1518
International: 1.773.628.2779
Fax: 1.773.272.0920
Email: info@websitemagazine.com