Quick security references (QSR) on Cross-Site scripting and SQL injection.

  Recently the Security Development Lifecycle (SDL) team announced the release of new type of security guidance papers called Quick security references (QSRs). The first two papers focus on Cross-Site scripting and SQL Injection. I would strongly recommend reading these interesting QSRs, as well as keeping an eye on the SDL blog.  -Raul Garcia  SDE/T … Read more

Microsoft ® Source Code Analyzer for SQL Injection – July 2008 CTP

Today we have released an updated Community Technology Preview of Microsoft Source Code Analyzer for SQL Injection.     We made the following improvements based on community feedback: Included a GUI to view warnings generated by the tool. Downgraded the requirements to Microsoft .NET Framework 2.0 from 3.0. Improved the ASP parser and analysis engine… Read more

Microsoft ® Source Code Analyzer for SQL Injection – June 2008 CTP

Today Microsoft has released a Community Technology Preview of a new source code analyzer that can help ASP developers find SQL Injection vulnerabilities in their code.   Three weeks ago Microsoft released guidance (http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx) on protecting ASP and ASP.NET web sites against SQL injection attacks. At the same time, Microsoft took an action item to develop… Read more