Microsoft tools address SQL injection attacks

Advisory helps Web sites that use Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

On Tuesday, Microsoft issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

In April attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits. At the time Microsoft insisted it was not the result of a vulnerability, but lack of best practices on the sites themselves.

The tools released Tuesday are designed to help Web developers mitigate against such attacks.

"These free tools offer detection and defense, as well as identify possible code which may be exploited by an attacker," said Bill Sisk, security response communications manager for Microsoft.

The three tools include HP Scrawlr, UrlScan version 3.0 Beta, and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within advisory 954462.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Top 5: Cars with best resale value

Brian Cooley runs down the top five US automobiles with the best resale value in 2015, five years after original sale.

by Brian Cooley