SQL injection is teh suck . . .

So do something about it: http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx

We give you 3 different ways to combat SQL injection on our platform above including an update to one of my all time favorite tools - URLScan!
Here's a blog post from a senior IIS dev-dude (Wade Hilmo) on the new URLScan and some of the new features: http://blogs.iis.net/wadeh/archive/2008/06/24/urlscan-v3-0-beta-release.aspx

Published 24 June 08 03:52 by Robert_Hensing

Comments

# Jeff Parker said on June 25, 2008 10:30 AM:

You know I never understood why people don't just use Parameterized Queries in .net. For everything from Dynamic SQL to Stored Procs. You set the correct datatype and everything gets handled by the framework for you. .net is a beautiful thing when used correctly.

Anonymous comments are disabled
Page view tracker