SQL Injection Detection and Defense
Microsoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.Net technologies. The tools include URLScan 3.0 (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community Technology Preview.
Hewlett Packard has also developed a free scanner which can identify whether sites are susceptible to SQL injection dubbed Scrawlr.
Developed to help battle recent SQL injection attacks as per a Microsoft Security Advisory bulletin, the tools are intended to help developers build more secure code and promote a more trusted ecosystem, Microsoft said.
There has been a recent rise in SQL injection attacks exploiting unverified user data input. When these attacks are successful, a hacker/ attacker can compromise data stored in databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded to malicious sites that may install malware on the client machine.
Hewlett Packard has also developed a free scanner which can identify whether sites are susceptible to SQL injection dubbed Scrawlr.
Developed to help battle recent SQL injection attacks as per a Microsoft Security Advisory bulletin, the tools are intended to help developers build more secure code and promote a more trusted ecosystem, Microsoft said.
There has been a recent rise in SQL injection attacks exploiting unverified user data input. When these attacks are successful, a hacker/ attacker can compromise data stored in databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded to malicious sites that may install malware on the client machine.


Leave Your Comment
Login to CommentBecome a Member
Not already a part of our community?
Sign UpSign up to participate in the discussion. It's free and quick.