Remember the post by Aaron Bertrand titled Call a spade a spade! (SQL injection, or IIS vulnerability?)? Microsoft has released 3 tools that deal with this SQL injection. These three tools include HP Scrawlr , UrlScan version 3.0 Beta , and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within ...

In a recent blog post, Dancho Danchev mis-labeled a recent IIS vulnerability as a ''massive SQL injection attack.'' Let's be honest here.  Yes, this alert needs attention.  But this is not a new SQL injection vulnerability.  It is simply an exploit in IIS that lets malicious users access your source code.  If your database is ...

What is SQL Injection? From wikipedia: SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby ...