Skip to Main Content

SQL Injection Detection and Defense

Posted on 6.24.2008
Microsoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.Net technologies. The tools include URLScan 3.0 (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community Technology Preview.

Hewlett Packard has also developed a free scanner which can identify whether sites are susceptible to SQL injection dubbed Scrawlr.

Developed to help battle recent SQL injection attacks as per a Microsoft Security Advisory bulletin, the tools are intended to help developers build more secure code and promote a more trusted ecosystem, Microsoft said.

There has been a recent rise in SQL injection attacks exploiting unverified user data input. When these attacks are successful, a hacker/ attacker can compromise data stored in databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded to malicious sites that may install malware on the client machine.

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up


Leave a comment
    Load more comments
    New code