New tools to prevent Microsoft SQL attacks - News - Software

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

New tools to prevent Microsoft SQL attacks

By Robert Vamosi, CNET News.com
June 25, 2008
URL: http://www.zdnet.com.au/news/software/soa/New-tools-to-prevent-Microsoft-SQL-attacks/0,130061733,339290113,00.htm

Microsoft has issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

In April attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits. At the time Microsoft insisted it was not the result of a vulnerability, but lack of best practices on the sites themselves.

The tools recently released are designed to help Web developers mitigate against such attacks.

"These free tools offer detection and defence, as well as identify possible code which may be exploited by an attacker," said Bill Sisk, security response communications manager for Microsoft.

The three tools include HP Scrawlr, UrlScan version 3.0 Beta, and a SQL Source Code Analysis Tool. Microsoft further recommends following the best practices found within advisory 954462.