OK, the best way to avoid SQL injection is really to write SQL-injection-safe code. Now that the obvious is out of the way, here are two great tools to detect it, and an old one to protect against it:
| Tool | Usage | Pros | Cons | Users |
| --- | --- | --- | --- | --- |
| MSCASI | Identifies SQL injection vulnerabilities in ASP code through static source code analysis. | Identifies the root cause of the bug at the source code level. | This version currently only works on ASP pages. | Web developers |
| Scrawlr | Detects SQL injection vulnerabilities through runtime analysis by crawling a website. | No source code is required. | Cannot identify the line of code responsible. | IT/DB administrators, web developers |
| UrlScan v3.0 Beta | Runtime filtering that blocks the types of HTTP requests that Internet Information Services (IIS) will process. | The URLScan filter can be easily deployed to mitigate SQL injection attacks while the root cause is being fixed. | Does not fix the root cause, so the risk has not been eliminated completely. | IT administrators |
Taken from Security Vulnerability Research & Defense