The MSRC released an advisory today that discusses the recent SQL injection attacks and announces three new tools to help identify and block these types of vulnerabilities. The advisory discusses the new tools, the purpose of each, and the way each complements the others. The goal of this blog post is to help you identify the best tool to use depending on your role (i.e. Web Developers vs. IT administrators).
Web Developers Recommendations
IT/Database Administrators Recommendations (as well as Web developers)
We are recommending two of the new tools announced today. One can help identify SQL injection vulnerabilities by crawling the website. The other one aims to block potential SQL injection attacks by filtering malicious requests. The website crawler will be useful if you don't have access to the source code.
The following table summarizes the pros and cons of these tools.