I have to give kudo's to the Microsoft IIS team for updating URLScan to help block automated sql injection attacks. Especially to Wade Hilmo and Nazim Lala . They have been very responsive when it came to involving the community (Thanks guys for the w3c Read More......( read more )

I have to give kudo's to the Microsoft IIS team for updating URLScan to help block automated sql injection attacks. Especially to Wade Hilmo and Nazim Lala . They have been very responsive when it came to involving the community (Thanks guys for the w3c logs). They (I'm sure along with others on the...

My blog was down a few days ago. I've had downtime in the minutes over the last few years, but as far as I recall, it's never been down for any significant time. Keyvan noticed that a bunch of us were attacked. Phil Haack was also, ahem, haacked. I host Read More......( read more )

So finally all the details have been worked out.  We are going to have this chat on Friday July 18th.  At 2:00 PM EST.  That is 11:00 AM PST. Shortly I will have a link where you can add a reminder to your calendar about this chat.  Read More......( read more )

One of the things I was curious what URLScan actually scanned and how. What is just servervariables or what?! I asked Wade H from the IIS Team for further explaination. It is good to be aware when you are implementing URLScan 3.0 and sql injection rules, what to actually check for. These 4 options are...

One of the things I was curious what URLScan actually scanned and how. What is just servervariables or what?! I asked Wade H from the IIS Team for further explaination. It is good to be aware when you are implementing URLScan 3.0 and sql injection rules Read More......( read more )

Joe Stagner posted about some great tools that you can use to help with SQL Injection.  This is the topic of our blog chat coming up, I haven’t set a firm date as I am trying to get as many folks to attend as I can from the Microsoft side. Check Read More......( read more )

For those supporting a Classic ASP and ASP.NET application, you probably have noticed an increase in sql injection attempts. Microsoft has released an updated URLScan 3.0. Here is the link to download URlScan version 3 beta for 32 bit or 64 bit . You can read about on the blogs by Wade Hilmo and Nazim...

The sql injection that has came up is affecting several ASP and ASP.NET applications. Although the only way to prevent an attack is validate the code, hopefully these posts will provide some direction. I included some links that discuss this more. http://forums.iis.net/p/1149068/1868206.aspx (Post by...

The sql injection that has came up is affecting several ASP and ASP.NET applications. Although the only way to prevent an attack is validate the code, hopefully these posts will provide some direction. I included some links that discuss this more. http Read More......( read more )