New tools enhance SQL Server security In collaboration with SQL Server, IIS, and Hewlett Packard, the Microsoft Security Response Center (MSRC) announced a set of tools that customers can use to defend against SQL injection attacks on their ASP websites and identify and mitigate root ASP code vulnerabilities. These tools are available through Microsoft Security Advisory 954462. These tools provides customers with automated assistance in defending against these attacks and for correcting the root cause. The following three tools are available for immediate download: （1）Microsoft Source Code Analyzer for SQL Injection New static analysis tool that identifies SQL injection vulnerabilities in ASP source code and suggests fixes. Enables customers to address the vulnerability at the source. （2）URLScan 3.0 Updated version of the IIS tool that acts as a site filter by blocking specific HTTP requests. Can be used to block malicious requests used in this attack. （3）Scrawlr New scanning tool from Hewlett Packard that scans websites looking for SQL injection vulnerabilities in URL parameters. ->CHS.
引用 3 楼 HEROWANG 的回复:昨天看到了，就是微软发布的三个扫描注入式sql攻击的工具 SQL Server 2008 中的功能.
引用 5 楼 paulmake 的回复:很强大...