Late Night Dev

Business and Development Resources for Web Developers and Analysts

Archives for the ‘Security’ Category

Microsoft Release New Tools to Help Web Developers in Fight Against SQL Injection

By Patrick Irvin • Jun 25th, 2008 • Category: ASP.Net Programming, SQL, Security, Tools / Utilities

Published on Website Magazine Blog – 06/25/08

SQL Injection Detection and Defense
Microsoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.Net technologies. The tools include URLScan 3.0 (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community [...]



Guarding against SQL Injection Attacks followup

By Patrick Irvin • May 21st, 2008 • Category: ASP.Net Programming, Security, Uncategorized

Thanks to Nico from Microsoft for pointing out a method I missed in my initial post. When constructing SQL statements dynamically, do not concatenate strings. Instead, use parameters when constructing your SQL statements dynamically. For more information, see How To: Protect From SQL Injection in ASP.NET.
Microsoft also provides some good guidelines [...]



Guard against SQL Injection Attacks

By Patrick Irvin • May 20th, 2008 • Category: Security

After this past week's onslaught of SQL injection attacks, I think it is appropriate to review some measures that developers can take to ensure they do not become victims. If you are accepting unfiltered user input into your application or have a web application with parameterized queries and the commands are not sanitized before [...]