|
|
Microsoft Helps With ASP, ASP.NET Security
By Doug Caverly
Staff Writer
Article Date: 2008-07-18
Anyone in charge of a site using ASP and ASP.NET technologies might want to make sure it's up to date in terms of security measures. According to Microsoft, there's been a rise in relevant SQL injection attacks.
"These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database," the company stated in an advisory.
Then, "When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine."
Microsoft's put out a source code analyzer in response, and you can download the thing here. At only 2.0 megabytes in size, it's definitely worth a look so long as you're dealing with Windows Server 2003 Service Pack 1, Windows Server 2008, Windows XP Service Pack 2, or Windows Vista.
UrlScan and Scrawlr are two other tools that may help (and they come courtesy of IIS and HP, respectively), but don't count on seeing any further types of corporate aid.
About the Author:
Doug is a staff writer for WebProNews. Visit WebProNews for the latest eBusiness news.
|
|
