Microsoft tools address SQL injection attacks

Microsoft on Tuesday issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

In April, attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits.

At the time Microsoft insisted it was not the result of a vulnerability, but lack of best practices on the sites themselves.

The tools released Tuesday are designed to help Web developers mitigate against such attacks.

"These free tools offer detection and defense, as well as identify possible code which may be exploited by an attacker," said Bill Sisk, security response communications manager for Microsoft.

The three tools include HP Scrawlr , UrlScan version 3.0 Beta , and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within advisory 954462.

This article was first published as a blog on CNET News.com.

Talkback 0 comments

• INFORMATION SECURITY ANALYST / SENIOR
• Application Security Professionals
• BDM Specialised Electronic Security Solutions
• IT Security Audit Engineer
• Senior SOX IT Auditor Immediate start $500 daily

TechGuides

Get network versatility with SSH tunneling and netcat

Vincent Danen explains how to use netcat with SSH tunneling when you need to create a secure connection to a server from a remote location.

Read more »

Latest from Blog Central

Where have all the bosses gone?

Read more »

Cutting-edge technology from premium sponsors

Adaptive Threat Management

High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?

More resources to optimize the security of your enterprise »

Brought to you by:

 

 

 

More Tech Showcases:

Juniper Networks