Tuesday, July 08, 2008

SQL Injection Code Analyzer


Microsoft has just released a free utility to help developers
analyze ASP code for SQL Injection vulnerabilities. Earlier this year,
several public sites went down when hackers unleashed a series of bots
to find and exploit servers where developers did not correctly code
their applications/pages to prevent SQL Injection attacks.

Here’s what the utility offers (from the original page):

In
response to the recent mass SQL injection attacks, Microsoft has
developed a new static code analysis tool for finding SQL Injection
vulnerabilities in ASP code. Web developers can run the tool on their
ASP source code to identify the root cause of the attack and address
them to reduce their exposure to future attacks. The tool will scan ASP
source code and generate warnings related to first order and second
order SQL Injection vulnerabilities. The tool also provides annotation
support that can be used to improve the analysis of the code.

Here’s the download location: Click here


1 comment:

digital signature software said...

A special thanks for this informative post. I definitely learned new stuff here I wasn't aware of !