If you're doing ASP.NET development then you need to check these tools out. As per this security bulletin there has been a recent rise in SQL injection attacks, exploiting vulnerabilities in sites that do not follow best practice.
So here's what you need to do:
- Understand recent trends in SQL injection
- Check out the guidance from the SDL blog on SQL-injection defense techniques and also on
- Use two new tools from Microsoft to a) analyse your code and b) filter suspicious requests
- Also check out Scrawlr from the HP Security Laboratory (I like the cartoon on that page!) in conjunction with Microsoft
There's a forum for MSCASI at http://forums.microsoft.com/msdn/ShowForum.aspx?ForumID=92&SiteID=1
In short, if you're doing ASP.NET development, check your code and make sure you: