THE SQL Server Blog Spot on the Web

Browse by Tags

All Tags » Security » sql injection
  • Microsoft Releases Tools To Address SQL Injection Attacks

    Remember the post by Aaron Bertrand titled Call a spade a spade! (SQL injection, or IIS vulnerability?)? Microsoft has released 3 tools that deal with this SQL injection. These three tools include HP Scrawlr, UrlScan version 3.0 Beta, and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within ...
    Posted to Denis Gobo (Weblog) by Denis Gobo on June 25, 2008
  • Call a spade a spade! (SQL injection, or IIS vulnerability?)

    In a recent blog post, Dancho Danchev mis-labeled a recent IIS vulnerability as a "massive SQL injection attack." Let's be honest here. Yes, this alert needs attention. But this is not a new SQL injection vulnerability. It is simply an exploit in IIS that lets malicious users access your source code. If your database is ...
    Posted to Aaron Bertrand (Weblog) by AaronBertrand on April 26, 2008
  • SQL Injection Cheat Sheet

    What is SQL Injection? From Wikipedia: SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby ...
    Posted to Denis Gobo (Weblog) by Denis Gobo on September 19, 2007