A small collection of tools to prevent malicious code from being planted in web pages - Security settings

Source: Internet
Author: User
Tags: sql injection, sql injection attack

Besides security awareness during web development, what tools are available to combat SQL injection attacks?

Today, the security teams at Microsoft and HP released three tools:

Microsoft's SQL injection source code scanner: Microsoft Source Code Analyzer for SQL Injection (MSCASI). This tool is intended for web site developers. It is a static analysis tool that scans ASP code to find first-order and second-order SQL injection vulnerabilities. Tool download address:

http://support.microsoft.com/kb/954476

HP's Scrawlr tool. This tool is intended for site maintainers. It is a black-box scanning tool and does not need source code: you specify a starting URL and it begins scanning from there. It cannot pinpoint where in the code a vulnerability lies (because it is a black-box test). Tool download address:

http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx

Microsoft's URLScan 3.0 Beta. This tool is intended for site maintainers. It is an input filtering tool. If you find that your site is under SQL injection attack, you can use this tool to filter out malicious input while the holes in the code are being patched. Of course, fixing the bugs in the code is the real solution for avoiding SQL injection attacks entirely. Tool download address:

http://blogs.iis.net/wadeh/archive/2008/06/05/urlscan-v3-0-beta-release.aspx

The SWI blog has a further description: http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx

So, how do these three tools work together? An example is given below.

Step one: The site's maintainer uses Scrawlr to scan the web site and check for SQL injection vulnerabilities.

Step two: When a vulnerability is found, the maintainer notifies the developer. The developer runs MSCASI, a static scan of the ASP source, to determine where in the code the SQL injection vulnerability arises.

Step three: While the developer fixes the vulnerability, the maintainer can use URLScan to filter out possible malicious input and keep the site secure.

Used together, these three tools can greatly reduce the likelihood of a site having malicious code planted in it. To tell the truth, far too many sites are being compromised this way these days!
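
The first-order and second-order classes that MSCASI looks for in step two, shown side by side with their fixes. This is an added example, not code from the original page or from any of the three tools; it uses Python and SQLite instead of ASP so that it runs anywhere, and the schema, function names and sample values are constructed for illustration.

```python
import sqlite3

CRAFTED = "x' OR '1'='1"  # constructed sample input that breaks out of the quoted string


def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    db.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, display_name TEXT)")
    return db


def lookup_vulnerable(db, name):
    # First-order: request input is concatenated directly into the SQL text.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_fixed(db, name):
    # Fix: the value travels as a bound parameter and is never parsed as SQL.
    sql = "SELECT secret FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))


def save_profile(db, display_name):
    # The write itself is parameterized, so the crafted value is stored verbatim.
    cur = db.execute("INSERT INTO profiles (display_name) VALUES (?)", (display_name,))
    return cur.lastrowid


def _stored_name(db, profile_id):
    row = db.execute("SELECT display_name FROM profiles WHERE id = ?", (profile_id,)).fetchone()
    return row[0]


def report_vulnerable(db, profile_id):
    # Second-order: a value read back from the database is treated as trusted
    # and concatenated into a later query.
    sql = "SELECT secret FROM users WHERE name = '" + _stored_name(db, profile_id) + "'"
    return sorted(row[0] for row in db.execute(sql))


def report_fixed(db, profile_id):
    # Fix: stored data is bound as a parameter exactly like request input.
    sql = "SELECT secret FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (_stored_name(db, profile_id),)))
```

In the second-order case the insert is safe on its own; the flaw only appears in the later query that reuses the stored value, which is why a fix has to cover every query built from stored data as well as from request input.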
