Tuesday, June 24, 2008

Microsoft Source Code Analyzer for SQL Injection

This is in direct response to the Microsoft Security Advisory 954462 posted today (see Microsoft Security Advisory 954462 Released for additional references and information).

In response to the recent mass SQL injection attacks, Microsoft has developed a new static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Web developers can run the tool on their ASP source code to identify the root cause of the attack and address them to reduce their exposure to future attacks. The tool will scan ASP source code and generate warnings related to first order and second order SQL Injection vulnerabilities. The tool also provides annotation support that can be used to improve the analysis of the code.

See Microsoft Source Code Analyzer for SQL Injection in the Microsoft Download Center.

Additional References:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: