New tools enhance SQL Server security

In collaboration with SQL Server, IIS, and Hewlett Packard, the Microsoft Security Response Center (MSRC) announced a set of tools that customers can use to defend against SQL injection attacks on their ASP websites and identify and mitigate root ASP code vulnerabilities. These tools are available through Microsoft Security Advisory 954462. These tools provides customers with automated assistance in defending against these attacks and for correcting the root cause. The following three tools are available for immediate download:

  • Microsoft Source Code Analyzer for SQL Injection
    New static analysis tool that identifies SQL injection vulnerabilities in ASP source code and suggests fixes.  Enables customers to address the vulnerability at the source.
  • URLScan 3.0
    Updated version of the IIS tool that acts as a site filter by blocking specific HTTP requests.  Can be used to block malicious requests used in this attack.
  • Scrawlr
    New scanning tool from Hewlett Packard that scans websites looking for SQL injection vulnerabilities in URL parameters.