SQL Injection Attacks on IIS Web Servers

Saturday, April 26, 2008

.NET

There have been conflicting reports about SQL Server injection attacks and a possible new IIS vulnerability.

This is not related to a new IIS or SQL or ASP.NET vulnerability
A bot is scanning the Web trying SQL Server injections
Of course, it is finding a lot of poorly designed non secured pages

Get the facts and learn about injection attacks:
http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx

2 Comments

I manage a classic ASP web application that is probably vulnerable to SQL Injection attacks. Now I will need to write a lot of stored procedures. :(

I haven't seen any developer blog posts about security and none of the programming books I've read this year have even mentioned security. I consider this a fine example of how a narrow focus on "engineering practices" does not make for excellence in application development.

rrobbins - Monday, April 28, 2008 1:00:26 PM

your code should be mature enough to kick sql injections
IIS 7 vs window 2008 is a good combinations and security feautres are nice.

serversguy - Friday, June 5, 2009 2:46:50 PM

Comments have been disabled for this content.