[Original] Three recommended security testing tools from www.microsoft.com (Microsoft official)
1. Microsoft Source Code Analyzer for SQL Injection
Official download: http://www.microsoft.com/downloads/details.aspx?Familyid=58a7c46e-a599-4fcb-9ab4-a4334146b6ba&displaylang=en
This tool, called mscasi, detects SQL injection vulnerabilities in ASP code. You need to provide the source code to mscasi, and it will help you find the locations of the risky code.
2. URLScan 3.0
Official download: http://www.iis.net/downloads/default.aspx?Tabid=34&G=6&I=1697
This tool lets IIS restrict specific types of HTTP requests, which prevents malicious requests from being executed on the server. URLScan identifies malicious requests through a set of keywords and blocks them from being executed.
The following is the introduction from the official website:
Overview
URLScan version 3.1 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. URLScan screens all incoming requests to the server by filtering the requests based on rules that are set by the Administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.
Most malicious attacks share a common characteristic in that the attack involves the use of a request that is unusual in some way. For instance, the request might be extremely long, request an unusual action, be encoded using an alternate character set, or include character sequences that are rarely seen in legitimate requests.
By filtering unusual requests, URLScan helps prevent such requests from reaching the server and potentially causing damage. By blocking specific HTTP requests, URLScan helps prevent potentially harmful requests from reaching the server. URLScan version 3.0 security tool will install on IIS 5.1 and later, including IIS 7.
Features
The URLScan version 3.1 security tool gives administrators even greater control over URLScan configuration, providing functionality that helps administrators further secure and lock down the server.
New features include:
- New installer that allows URLScan 3.1 to be installed on IIS 5.1 or later, including IIS 7.
- Deny rules that can be independently applied to URL, query string, all headers, a particular header or a combination of these.
- A global denyquerystring section that lets you add deny rules for query strings with the option of checking un-escaped version of the query string as well.
- Support for escape sequences in the deny rules so it's possible to deny CRLF and other non-printable characters in configuration.
- Multiple URLScan instances can be installed as site filters, each with its own configuration and logging options (URLScan.ini).
- Configuration (URLScan.ini) changes are propagated to worker processes without having to recycle them. Note that log settings still have to be recycled.
Benefits
The URLScan version 3.1 security tool helps protect your server from attacks by filtering requests based on rules that you set. The rules enforce processing of only valid requests by the Web server. Even though URLScan helps provide additional security for your IIS 5.1 or later web server, you should always evaluate and apply the latest security updates from Microsoft. As new security vulnerabilities are discovered, Microsoft publishes updates such as service packs, patches, or hotfixes. To help mitigate any risks such vulnerabilities might present, you need to apply these security updates as they become available.
Requirements
The following prerequisites must be fulfilled in order to install the new URLScan:
- You must be using IIS 5.1 or later.
- You must install URLScan as an administrator. If user access control (UAC) is enabled, you must use the "run as administrator" option when installing.
- Previous versions of URLScan must be uninstalled before installing this version of URLScan.
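The deny-rule behaviour in the feature list above (rules scoped to the URL, the query string, all headers or one header, optional matching against the un-escaped query string, and escape sequences inside rules), modelled as an added Python example; it is not URLScan's code or URLScan.ini syntax. The rule layout, the `%XX` rule-escape convention and the names `RULES` and `screen` are assumptions made for this sketch.

```python
from urllib.parse import unquote, urlsplit

# Constructed rule set; this layout is an assumption, not URLScan.ini syntax.
RULES = {
    "url": ["..", "./"],
    "query": ["--", ";", "/*", "%0d%0a"],   # %XX escapes are allowed inside rules
    "headers": {"*": ["%0d%0a"], "Transfer-Encoding": ["chunked"]},
}

def _literal(rule):
    """Expand %XX escapes in a rule so CR, LF and similar can be written in config."""
    return unquote(rule).lower()

def _hits(value, rules, also_unescaped):
    """Return the rules whose sequence occurs in value or, optionally, its decoded form."""
    forms = [value.lower()]
    if also_unescaped:
        forms.append(unquote(value).lower())
    return [r for r in rules if any(_literal(r) in f for f in forms)]

def screen(raw_target, headers, rules=RULES, unescape_query=True):
    """Return a list of (scope, rule) denials; an empty list means the request passes."""
    parts = urlsplit(raw_target)
    denied = [("url", r) for r in _hits(parts.path, rules["url"], False)]
    denied += [("query", r) for r in _hits(parts.query, rules["query"], unescape_query)]
    for name, value in headers.items():
        for key, seqs in rules["headers"].items():
            # "*" applies to every header, any other key to that one header only
            if key == "*" or key.lower() == name.lower():
                denied += [("header:" + name, r) for r in _hits(value, seqs, False)]
    return denied

if __name__ == "__main__":
    # Constructed sample request: the query string is percent-encoded.
    target = "/item.asp?id=1%3B%2D%2Ddrop"
    print(screen(target, {}, unescape_query=False))  # raw-only matching
    print(screen(target, {}))                        # raw plus un-escaped matching
```

With raw-only matching the encoded query string passes every rule, which is the gap the un-escaped check closes.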
3. Scrawlr
Official download: https://download.spidynamics.com/Products/scrawlr/
Scrawlr, a tool developed by Microsoft and HP, crawls a website, analyzes the query strings of all its web pages, and looks for SQL injection risks. Scrawlr uses some of the same technology as HP WebInspect, but it detects only SQL injection risks. It crawls the entire website from a starting URL and analyzes every page on the site to find possible vulnerabilities.