Today we have released an updated Community Technology Preview of Microsoft Source Code Analyzer for SQL Injection.
We made the following improvements based on community feedback:
- Included a GUI to view warnings generated by the tool.
- Downgraded the requirements to Microsoft .NET Framework 2.0 from 3.0.
- Improved the ASP parser and analysis engine in various ways.
The updated tool can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyId=58A7C46E-A599-4FCB-9AB4-A4334146B6BA. Please read the Readme.html file for the complete list of warnings generated by the tool along with code samples that will generate the warnings.
Please provide feedback and discuss issues related to the tool in the SQL Server Security forum at http://forums.microsoft.com/msdn/ShowForum.aspx?ForumID=92&SiteID=1
The Microsoft Source Code Analyzer for SQL Injection Team