SQL Injection Attacks Tool - Download UrlScan 3.0 - ASP.NET Security Best Practices

SQL Injection Attacks have been around forever. I looked back at some old posts on my blog that  go back to 2004 and 2005 on the topic:

• SQL Injection Attacks - Parameterized Queries - Regular Expressions - ASP.NET Security Best Practices
• Website Security - ASP.NET Security - SQL Injection Attacks
• SQL Injection Attacks - Testing Vulnerabilities - Validating Input - Handling Exceptions - Hashing Passwords - Encrypting Connection Strings

UrlScan is a tool that runs on IIS and monitors URL's for suspicious parameters in the URL. It can be used to help alleviate SQL Injection, but it doesn't alleviate you from practicing ASP.NET Security Best Practices.

Per the UrlScan Overview:

“UrlScan version 3.0 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.”

You can download UrlScan 3.0 for x86 and x64

 

Tag: ASP.NET Security

 

Related Posts:

• Microsoft Developer Security Resource Kit - Security Best Practices CheckLists and Developer Tools
• Encrypt Connection Strings AppSettings and Web.Config in ASP.NET 2.0 - Security Best Practices
• Cross-Site Scripting - ASP.NET Security - RegularExpressionValidator Control and Regex.IsMatch - HttpUtility.HtmlEncode
• .NET Security Risks and Vulnerabilities - Digital Blackbelt Series - Defend Your .NET Code

 

posted on Saturday, August 23, 2008 11:34 AM