New Information on SQL Injection Attacks

I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting Unverified User Data Input) where we added some additional information. This is especially important as we did not "only" publish guidance but tools as well:

Detection – HP Scrawlr (a free scanner from HP)
Defense – UrlScan version 3.0 Beta
Identifying – Microsoft Source Code Analyzer for SQL Injection

Definitely tools worth looking at if you are running public applications

Roger

Published 24 June 08 10:38 by rhalbh

Filed under: Security, Processes, Incidents

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

No Comments

Leave a Comment

Name (required)
Your URL (optional)
Comments (required)

Enter Code Here: Required
Remember Me?

Search

This Blog

Chat directly with me if you want. Go to my About page to find a web messenger!

Visit ourPhoto Gallery

Rogers Security Blog at Blogged

Add to Technorati Favorites

Links to other blogs

Syndication