Random Entry: Honours Security Course Lecture
< GeekDinner Johannesburg | SA Crime Stats 2008 >
Jun 25

Microsoft (and HP)++ for SQL Injection Response

Security No comments »
Security

Microsoft has released a security advisory detailing three ways to respond to the SQL injection attacks. This advisory doesn't covery a patch, just three tools:

  1. HP Scrawlr is a light weight version of HP's WebInspect that will look for SQL injection flaws. I love that they used the Bobby Tables XKCD comic.
  2. A new version of UrlScan (3.0 beta) the IIS version of mod_security.
  3. A source code analyser which will identify SQL injection vulns, although it currently only works for ASP and not ASP.NET.
That's pretty awesome, although, as always, these should be used to aid clue, not replace it.

Posted by Dominic White

0 Trackbacks

Trackback specific URI for this entry
  1. No Trackbacks

0 Comments

Display comments as(Linear | Threaded)
  1. No comments

Add Comment


E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA