Go to: Really interesting Web (http://www.zu14.cn)
ArticleLink: http://www.zu14.cn/2009/12/31/iis-defend-sql-injection-tools/trackback/
SQL injection is currently a major threat. To prevent SQL injection,ProgramDevelopers need to make great efforts to filter and check parameters. In this way, the upper layer is protected against injection.
In fact, the underlying anti-injection method can be used to make up for the shortcomings of the upper layer. Here, we will introduce two free tools.
Microsoft's URLScan
The security tool launched by Microsoft for its own IIS platform has a very good effect. It checks all HTTP requests processed by IIS.
URLScan can block an HTTP request that has security issues before it reaches the application.
URLScan 3.1 is the latest version. It supports IIS 2008, IIS 5.1, and IIS 6.0 on Windows Vista and Windows Server 7.0 systems.
Link: http://www.iis.net/expand/UrlScan there are many other useful IIS extensions here.
IIS 6 SQL Injection sanitation ISAPI wildcard
This is an iis sapi dll and prevents SQL Injection by checking HTTP requests. However, you can see from the name that this is for IIS, it can only be used on Windows 2003 IIS6.
Address: http://www.codeplex.com/IIS6SQLInjection