Robert Hensing's Blog

Software Security . . . and stuff.

SQL injection is teh suck . . .

So do something about it: http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx

In the post linked above, we give you 3 different ways to combat SQL injection on our platform, including an update to one of my all-time favorite tools - URLScan!
Here's a blog post from a senior IIS dev-dude (Wade Hilmo) on the new URLScan and some of the new features: http://blogs.iis.net/wadeh/archive/2008/06/24/urlscan-v3-0-beta-release.aspx

Comments
  • You know I never understood why people don't just use Parameterized Queries in .net. For everything from Dynamic SQL to Stored Procs. You set the correct datatype and everything gets handled by the framework for you. .net is a beautiful thing when used correctly.
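
The parameterized-query approach the commenter describes, shown for both dynamic SQL and a stored procedure call. This is an added example, not code from the original post or comment. The table, column and procedure names are hypothetical, it assumes `System.Data.SqlClient` is available, and the commands are only built, never executed, so no database is needed:

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: .NET Framework, or the System.Data.SqlClient package

static class ParameterizedQueryDemo
{
    // BEFORE: input is concatenated into the statement text, so a quote
    // character in userName changes the structure of the query itself.
    static SqlCommand BuildConcatenated(string userName)
    {
        return new SqlCommand(
            "SELECT UserId FROM dbo.Users WHERE UserName = '" + userName + "'");
    }

    // AFTER (dynamic SQL): the statement text is constant; the value travels
    // separately as a typed, length-bounded parameter.
    static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand(
            "SELECT UserId FROM dbo.Users WHERE UserName = @userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
        return cmd;
    }

    // AFTER (stored procedure): same idea with an integer parameter.
    // Non-numeric input is rejected here, before anything reaches the server.
    static SqlCommand BuildStoredProcCall(string customerIdFromRequest)
    {
        int customerId;
        if (!int.TryParse(customerIdFromRequest, out customerId))
            throw new ArgumentException("customerId must be an integer");
        var cmd = new SqlCommand("dbo.GetOrdersForCustomer"); // hypothetical proc
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@customerId", SqlDbType.Int).Value = customerId;
        return cmd;
    }

    static void Main()
    {
        string name = "O'Brien"; // constructed sample input containing a quote
        Console.WriteLine(BuildConcatenated(name).CommandText); // quote lands in the SQL text
        SqlCommand safe = BuildParameterized(name);
        Console.WriteLine(safe.CommandText);                    // text is unchanged by the input
        Console.WriteLine("@userName = " + safe.Parameters["@userName"].Value);
        try { BuildStoredProcCall("42abc"); }                   // constructed non-numeric input
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
        Console.WriteLine(BuildStoredProcCall("42").Parameters["@customerId"].Value);
    }
}
```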
