Last April, the number of attacks on web servers rose sharply, and Microsoft was widely blamed for the problem. After a careful investigation, Microsoft's security team concluded that the attacks were not related to any vulnerability in IIS 6.0, ASP, ASP.Net, or Microsoft SQL technologies. Instead, the attacks exploited SQL injection vulnerabilities. Microsoft has therefore provided guidelines for avoiding attacks of this kind.
An article on the Windows Server Division website concludes that “SQL injection attacks target the code of the web application, not the code of the web server itself. Thus, avoiding them requires secure practices in accepting input from users, so that the input does not contain malicious code able to destroy the database, the web server, or the entire system.”
For this reason, in its latest security bulletin, Microsoft is trying to help web developers and administrators prevent and minimize SQL injection attacks by providing three tools:
Microsoft Source Code Analyzer for SQL Injection (MSCASI): A static code analysis tool that can identify SQL injection vulnerabilities in ASP code. The tool can show the root cause of a SQL injection vulnerability in the code.
Scrawlr: Developed by Microsoft with the HP Web Security Research group, this tool crawls a website and simultaneously analyzes the parameters of every page it visits, looking for security holes that are vulnerable to SQL injection attacks.
UrlScan 3.0 Beta (x86 and x64): This tool makes it possible to create SQL filters that limit the types of HTTP requests IIS will process. It is expected to prevent potentially damaging HTTP requests from being executed on the server.
These tools can help web administrators and developers minimize security vulnerabilities on the web server.
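A simplified sketch of the kind of request filtering described for UrlScan above, added here as an illustration: it is not Microsoft's code and does not use UrlScan's rule syntax. The deny list, the filtered extensions, and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote_plus
import posixpath

# Constructed deny list for illustration; not UrlScan's shipped rule set.
DENY_SEQUENCES = ("--", ";", "/*", "xp_", "declare ", "exec(", "cast(")
# Assumption: only dynamic pages are filtered, static content is left alone.
FILTERED_EXTENSIONS = (".asp", ".aspx")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(url):
    """Return (allowed, matched_sequence) for one request URL."""
    parts = urlsplit(url)
    ext = posixpath.splitext(parts.path)[1].lower()
    if ext not in FILTERED_EXTENSIONS:
        return True, None  # rule does not apply to this resource type
    query = decode_fully(parts.query).lower()
    for seq in DENY_SEQUENCES:
        if seq in query:
            return False, seq  # reject before the application sees it
    return True, None


# Constructed sample requests.
SAMPLES = [
    "/products.asp?id=42",                       # normal request
    "/products.asp?id=42;DECLARE%20@s",          # statement separator in a parameter
    "/products.asp?id=42%253BDECLARE%2520@s",    # same, double-encoded
    "/search.aspx?q=rock--paper",                # benign, but still blocked
    "/static/help.html?note=a;b",                # extension not filtered
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_request(url))
```

The benign search request being rejected shows why such a filter only limits what reaches the server; the input handling in the application code still has to be corrected.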