In reaction to the recent mass MSSQL injection attacks, Microsoft has developed a new static code examination tool for discovery MSSQL Injection vulnerabilities in ASP code.
Web site developers can run the tool on their ASP source code to recognize the root cause of the attack and tackle them to reduce their coverage to future attacks in the MSSQL databases.The tool will scan ASP source code and generate warnings linked to SQL Injection vulnerabilities. The tool also provides explanation support that can be used to develop the scrutiny of the code which will prevent MSSQL injection.
Directions to complete, follow these steps :
Download from this link and install the Microsoft Source Code Analyzer for Microsoft SQL Injection :
1. Download msscasi_asp_pkg.exe to a temporary directory.
2. Run msscasi_asp_pkg.exe.
3. Enter an installation directory when prompted.
4. After extracting the files, read the usage section of the Readme.htm file for next steps.
No comments:
Post a Comment