Contents tagged with SQL Injection
-
Automate MSSASI As A Shell Command
I have created an ASP.NET page to automate the Microsoft Source Code Analyzer for SQL Injection command line tool. It would be tedious to craft a command for every page in a large Classic ASP web site. I was unable to scan my entire site until I developed this ASP.NET page.
-
SQL Injection Security Experiences
Last evening I tried out two of the tools that Joe Stagner wrote about in his blog post Tools to block and eradicate SQL injection. Since I manage a classic ASP web application that was completely lacking in security and potentially vulnerable to these attacks, I thought I'd share my experiences.
-
SQL Injection Threat On The Rise
I've been following the rise of SQL Injection attacks because I'm busy protecting a vulnerable web application. I'm very critical of the lack of attention this is getting in the developer community. In my opinion, if web developers were really communicating and collaborating with each other there would be a lot of chatter about this problem. I'm sure there are many programmers being kept busy dealing with the aftermath of these attacks but they are probably all implementing their own quirky solutions in isolation without the benefit of community feedback. And it is the lack of community which created the problem. There is no peer pressure to think about security or exchange of ideas on how best to protect a site against SQL Injection attacks (a topic that can generate a lot of debate). And without any discussion about the SQL Injection attack many developers are going to remain ignorant about it. There is however some ridicule about a lame attempt to protect against SQL Injection to be found on The Daily WTF. It is worthwhile to read through the comments.