Microsoft Release New Tools to Help Web Developers in Fight Against SQL Injection
By Patrick Irvin • Jun 25th, 2008 • Category: ASP.Net Programming, SQL, Security, Tools / UtilitiesPublished on Website Magazine Blog – 06/25/08
SQL Injection Detection and Defense
Microsoft has released tools to help website developers in their defense against SQL injection on sites that use ASP and ASP.Net technologies. The tools include URLScan 3.0 (which is in beta release) and Microsoft Source Code Analyzer for SQL Injection (MSCASI), available as a Community Technology Preview.
Hewlett Packard has also developed a free scanner which can identify whether sites are susceptible to SQL injection dubbed Scrawlr.
Developed to help battle recent SQL injection attacks as per a Microsoft Security Advisory bulletin, the tools are intended to help developers build more secure code and promote a more trusted ecosystem, Microsoft said.
There has been a recent rise in SQL injection attacks exploiting unverified user data input. When these attacks are successful, a hacker/ attacker can compromise data stored in databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded to malicious sites that may install malware on the client machine.
Patrick Irvin is a Business Analyst working in the Tuscaloosa, Alabama area. Patrick works with .Net technologies as well as LAMP/PHP applications and has a wide range of experience in internet related applications.
Email this author | All posts by Patrick Irvin
