SQL-Injection: Microsoft and HP help out?
SQL-Injection: Microsoft and HP help out?
Both Microsoft and HP have released a free set of tools that will check web applications for any weaknesses that revolve poor parameter filtering that would lead to SQL injection or XSS. HP have released Scrawlr, which based around the commercial product, WebInspect Wait a second, didn’t Spidynamics create WebInspect? Yes but HP bought them out.
Microsoft offer urlscan 3.0 beta and have a source code analyser that detects whether ASP code is susceptible to SQL injection.