Just sharing some of my inconsequential lunch conversations with you...

Wednesday, June 25, 2008

Tools to deal with SQL Injection

OK, the best way to avoid SQL Injection is really to write SQL Injection-safe code. Now that the obvious is out of the way, here are two great tools to assess, and an old one to protect:

| Tool | Usage | Pros | Cons | Users |
| --- | --- | --- | --- | --- |
| MSCASI | Identifies SQL Injection vulnerabilities in ASP code through static source code analysis. | Identify the root cause of the bug at the source code level. | This version currently only works on ASP pages. | Web developers |
| Scrawlr | Detect SQL vulnerability using runtime analysis by crawling a website. | No source code is required. | Cannot identify the line of code responsible. | IT/DB Administrator, Web developers |
| UrlScan v3.0 Beta | Runtime filtering that blocks the types of HTTP requests that Internet Information Services (IIS) will process. | URLScan filter can be easily deployed to mitigate SQL injection attack while the root cause is being fixed. | Not fixing the root cause, thus the risk has not been eliminated completely. | IT Administrators |

Taken from Security Vulnerability Research & Defense


Development Catharsis :: Copyright 2006 Mário Romano