Wednesday, June 25, 2008

ASP SQL Injection Source Code Analysis (CTP)

Microsoft Downloads - Microsoft Source Code Analyzer for SQL Injection

“Community Technology Preview (June 2008)

Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks.

In response to the recent mass SQL injection attacks, Microsoft has developed a new static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Web developers can run the tool on their ASP source code to identify the root cause of the attack and address them to reduce their exposure to future attacks. The tool will scan ASP source code and generate warnings related to first order and second order SQL Injection vulnerabilities. The tool also provides annotation support that can be used to improve the analysis of the code.

…”

Nice. I like that MS is stepping up and working to help us, developers, in this area. I don’t do much (cough… any…) ASP development these days, but I still thought this might be useful to note.

Of course I can’t be satisfied with just this, but also want the same/like source analysis for C#/VB projects too. Maybe given the name, we’ll get this in the future… ;)

Note: This appears to be a Classic ASP focused tool...

2 comments:

  1. URL takes to ASP SQL Injection analysis tool. Can you give URL for ASP.NET SQL Injection Analysis Tool?

  2. My bad, I guess this IS for Classic ASP and not ASP.Net.

    Thanks for the heads up, post updated.

