http://www.websitemagazine.com/content/blogs/posts/archive/tags/urlscan/default.aspxTags: urlscanenCommunityServer 2008 SP2 (Build: 31104.93)http://www.websitemagazine.com/content/blogs/posts/archive/2008/06/25/SQL-Injection-Detection-and-Defense.aspxWed, 25 Jun 2008 16:00:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:5736Pete Prestipino0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=5736http://www.websitemagazine.com/content/blogs/posts/archive/2008/06/25/SQL-Injection-Detection-and-Defense.aspx#commentsMicrosoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.Net technologies. The tools include <a href="http://learn.iis.net/page.aspx/473/using-urlscan"><b>URLScan 3.0</b></a> (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community Technology Preview. <br /><br /><b>Hewlett Packard has also developed a free scanner which can identify whether sites are susceptible to SQL injection dubbed <a href="http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx">Scrawlr</a>. </b><br /><br />Developed to help battle recent SQL injection attacks as per a Microsoft Security Advisory bulletin, the tools are intended to help developers build more secure code and promote a more trusted ecosystem, Microsoft said.<br /><br />There has been a recent rise in SQL injection attacks exploiting unverified user data input. When these attacks are successful, a hacker/ attacker can compromise data stored in databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded to malicious sites that may install malware on the client machine.<div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=5736" width="1" height="1">microsofturlscanSQL