There s a lot of noise arround currently ongoig SQL injection attacks and even if that is quite an "old" topic, there are still a lot of unprotected servers out in the cloud. This has nothing to do with vulnerabilities in the products (Webserver, database server), but are resulting from unproper programming practices, configuration, etc.
Here is a list of good best practices, advice and guidance for IIS and SQL:
MSDN Guidance:MSDN: How To: Protect From SQL Injection in ASP.NEThttp://msdn.microsoft.com/en-us/library/ms998271.aspx
MSDN: SQL Injectionhttp://msdn.microsoft.com/en-us/library/ms161953.aspx
MSDN: Explained – SQL Injectionhttp://msdn.microsoft.com/en-us/library/bb671351.aspx
Recent blog entries:Michael Howard’s SDL Blog: Giving SQL Injection the Respect it Deserveshttp://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx
Neil Carpenter's Blog: SQL Injection Mitigation: Using Parameterized Querieshttp://blogs.technet.com/neilcar/archive/2008/05/21/sql-injection-mitigation-using-parameterized-queries.aspx
BILLS Blog: SQL Injection Attacks on IIS Web Servershttp://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx
MSRC Blog: Questions about Web Server Attackshttp://blogs.technet.com/msrc/archive/2008/04/25/questions-about-web-server-attacks.aspx
Incident Response Focus on SQL Injection:Neil Carpenter's Blog: Anatomy of a SQL Injection Incidenthttp://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx
Neil Carpenter's Blog: Anatomy of a SQL Injection Incident, Part 2: Meathttp://blogs.technet.com/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx
Urs
PingBack from http://ntoolz.net/blog/2008/06/22/sql-injection-general-guidance/
Nice post. Really liked it..
Don't forget to update it regularly.
I am looking for new updates dieing to read more stuff from you ..