Microsoft Switzerland Security Blog

Security information brought to you by the Swiss Security Team.

SQL Injection General Guidance

There's a lot of noise around the currently ongoing SQL injection attacks, and even though this is quite an "old" topic, there are still a lot of unprotected servers out in the cloud. These attacks have nothing to do with vulnerabilities in the products (web server, database server); they result from improper programming practices, configuration, etc.

Here is a list of best practices, advice and guidance for IIS and SQL:

MSDN Guidance:
MSDN: How To: Protect From SQL Injection in ASP.NET
http://msdn.microsoft.com/en-us/library/ms998271.aspx

MSDN: SQL Injection
http://msdn.microsoft.com/en-us/library/ms161953.aspx

MSDN: Explained – SQL Injection
http://msdn.microsoft.com/en-us/library/bb671351.aspx

Recent blog entries:
Michael Howard’s SDL Blog: Giving SQL Injection the Respect it Deserves
http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx

Neil Carpenter's Blog: SQL Injection Mitigation: Using Parameterized Queries
http://blogs.technet.com/neilcar/archive/2008/05/21/sql-injection-mitigation-using-parameterized-queries.aspx

BILLS Blog: SQL Injection Attacks on IIS Web Servers
http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx

MSRC Blog: Questions about Web Server Attacks
http://blogs.technet.com/msrc/archive/2008/04/25/questions-about-web-server-attacks.aspx

Incident Response Focus on SQL Injection:
Neil Carpenter's Blog: Anatomy of a SQL Injection Incident
http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx

Neil Carpenter's Blog: Anatomy of a SQL Injection Incident, Part 2: Meat
http://blogs.technet.com/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx

Urs

 
