« Ruby creators warn of serious flaws | Main | OFF Topic: A farewell to Bill gates »

Tools: Microsoft Announces Three Tools to help prevent SQL Injection

"On Tuesday, Microsoft issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

In April attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits. At the time Microsoft insisted it was not the result of a vulnerability, but lack of best practices on the sites themselves.

The tools released Tuesday are designed to help Web developers mitigate against such attacks. "

There is also a thread on the websecurity list discussing these tools.

HP Scrawlr Download: http://www.communities.hp.com/securitysoftware/blogs/....
URLScan Version 3.0 beta Download: http://learn.iis.net/page.aspx/473/using-urlscan
MSCASI SQL Source Code Analysis Tool Download: http://support.microsoft.com/kb/954476

Article Link: http://news.cnet.com/8301-10789_3-9976521-57.html
Additional Info Link: http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!