Skip to main content Microsoft Intelligent Data Platform Azure Arc Azure databases Power BI SQL Server 2025 SQL Server BI SQL Server 2022 SQL Server 2019 SQL Server 2017 SQL Server 2016 SQL Server 2005 - 2014 Downloads Community SQL End of Support Data Security - SQL Server Encryption SQL Server blog SQL Server and Azure SQL workshops Browse Microsoft Solutions Hub SQL Server Tech Community Azure Databases Tech Community Azure Synapse Analytics Tech Community Developer Find a partner Become a partner Partner resources Try SQL Server 2025 Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Software companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap
·
1 min read

New tools enhance SQL Server security

In collaboration with SQL Server, IIS, and Hewlett Packard, the Microsoft Security Response Center (MSRC) announced a set of tools that customers can use to defend against SQL injection attacks on their ASP websites and identify and mitigate root ASP code vulnerabilities. These tools are available through Microsoft Security Advisory 954462. These tools provides customers with automated assistance in defending against these attacks and for correcting the root cause. The following three tools are available for immediate download:

  • Microsoft Source Code Analyzer for SQL Injection
    New static analysis tool that identifies SQL injection vulnerabilities in ASP source code and suggests fixes.  Enables customers to address the vulnerability at the source.
  • URLScan 3.0
    Updated version of the IIS tool that acts as a site filter by blocking specific HTTP requests.  Can be used to block malicious requests used in this attack.
  • Scrawlr
    New scanning tool from Hewlett Packard that scans websites looking for SQL injection vulnerabilities in URL parameters.
Avatar photo
SQL Server Team

Related Posts

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Software companies Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads