Microsoft tools address SQL injection attacks

Advisory helps Web sites that use Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

On Tuesday, Microsoft issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

In April attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits. At the time Microsoft insisted it was not the result of a vulnerability, but lack of best practices on the sites themselves.

The tools released Tuesday are designed to help Web developers mitigate against such attacks.

"These free tools offer detection and defense, as well as identify possible code which may be exploited by an attacker," said Bill Sisk, security response communications manager for Microsoft.

The three tools include HP Scrawlr, UrlScan version 3.0 Beta, and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within advisory 954462.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The one thing every refrigerator owner should know

One key factor determines how long your food stays fresh (and how much you end up wasting). Sharon Profis shares a few refrigerator organization tips everyone should know on "You're Doing it All Wrong."

by Sharon Profis