Microsoft Puts Bull's-Eye on SQL Injection Attacks | eWeek

Microsoft Puts Bull’s-Eye on SQL Injection Attacks

Written By
Brian Prince
Brian Prince
Jun 24, 2008
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft is promoting newly released freeware to help IT pros put up a fight against SQL injection attacks.

The release of the products comes at a time when news of legitimate Web sites being compromised by SQL injections has become familiar in the headlines. Microsoft announced these products’ availability June 24 in a security advisory.

Two of the tools, UrlScan Version 3.0 Beta and Microsoft Source Code Analyzer for SQL Injection, are the sole fruits of Microsoft. The third, a Web site scanner called HP Scrawlr, was developed by Hewlett-Packard’s Web Security Research Group in conjunction with Microsoft.

“We are communicating the availability of three separate tools which can help protect individual Web sites from SQL injection attacks,” said Microsoft Security Response Communications Manager Bill Sisk. “These free tools offer detection and defense, as well as identify possible code which may be exploited by an attacker. Microsoft encourages customers to review the advisory and follow the recommendation to download these tools for a safer Web site environment.”

UrlScan 3.0 works by restricting the types of HTTP requests that IIS (Internet Information Services) will process in order to prevent potentially harmful requests from reaching the Web application on the server. It will install on IIS 5.1 and later versions, including IIS 7.0, and can be downloaded here.

Microsoft’s Source Code Analyzer tool targets ASP source code, examining it for code that can lead to SQL injection vulnerabilities. The tool only identifies vulnerabilities in classic ASP code, and does not work on ASP.NET code.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.