Skip to content

Tools of the trade…..

25-6-2008

Now we are able thank you Microsoft!!

“We are communicating the availability of three separate tools which can help protect individual Web sites from SQL injection attacks,” said Microsoft Security Response Communications Manager Bill Sisk. “These free tools offer detection and defense, as well as identify possible code which may be exploited by an attacker. Microsoft encourages customers to review the advisory and follow the recommendation to download these tools for a safer Web site environment.”

UrlScan 3.0 works by restricting the types of HTTP requests that IIS (Internet Information Services) will process in order to prevent potentially harmful requests from reaching the Web application on the server. It will install on IIS 5.1 and later versions, including IIS 7.0, and can be downloaded here.

Microsoft’s Source Code Analyzer tool targets ASP source code, examining it for code that can lead to SQL injection vulnerabilities. The tool only identifies vulnerabilities in classic ASP code, and does not work on ASP.NET code.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: