08.22.08

Microsoft Tool Reduces SQL Injection Attacks

By Mike Sachoff

Microsoft has introduced a new security filter for its Internet Information Services (IIS) Web server that is aimed at reducing SQL injection attacks. The application, called UrlScan 3.0, is a free add-on tool for IIS that offers real-time verification of HTTP server requests, which helps to block malicious code.

A SQL injection attack is a direct attack on a SQL Server via malicious code in a query string, which is routed to the SQL Server through an Internet application. If security measures are not in place, the code could cause problems on the Web site's back end.

In June, Microsoft said that the SQL injection attack problem was caused by poor security measures in Web applications.
"The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net, or Microsoft SQL technologies," wrote Bill Sisk, a communications manager at Microsoft, in a blog post. "SQL injection attacks enable malicious users to execute commands in an application's database."

For technical reasons, previous versions of UrlScan did not look at the query string in the server request. The latest version does.

"In [UrlScan] 3.0, we added the ability to do filtering based on the query string, in addition to the URL," said Wade Hilmo, Microsoft's senior development lead on the IIS product team. "We also added the ability to create more granular rules that can be targeted to specific types of requests. For example, you can write a rule that only applies to ASP pages or PHP pages, which is something you would never be able to do in UrlScan 2.5."

About the Author: Mike is a staff writer for WebProNews.
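The two UrlScan 3.0 features described above, query-string filtering and rules scoped to specific request types, look roughly like this in `UrlScan.ini`. This fragment is an added example, not taken from the article or from Microsoft's shipped configuration; the rule name, section name and the short deny list are constructed for illustration.

```ini
; Constructed UrlScan.ini fragment (added example, not from the article).
; "SqlInjectionAsp" and the deny list below are illustrative choices.

[Options]
; Named rules to evaluate in addition to the global settings.
RuleList=SqlInjectionAsp

[SqlInjectionAsp]
; Scope: only requests for classic ASP and ASP.NET pages are checked.
AppliesTo=.asp,.aspx
; Name of the section that lists the strings to reject.
DenyDataSection=SqlInjectionAsp Strings
; Inspect the query string only, which UrlScan 2.5 could not do.
ScanUrl=0
ScanAllRaw=0
ScanQueryString=1
; No request headers are scanned by this rule.
ScanHeaders=

[SqlInjectionAsp Strings]
; SQL comment markers
--
/*
; Keywords that rarely belong in a legitimate query string
declare
exec
cast
```

Deny strings are matched as substrings, so a list like this needs testing against real application traffic before it is enforced, and it supplements rather than replaces fixing the application's own queries, which the article identifies as the root cause.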

SQLProNews is an iEntry, Inc. publication. 2008 iEntry, Inc. All Rights Reserved.