Great tool for finding SQL Injection vulnerabilities

I support a lot of large Classic ASP sites written years ago, and every once in a while they get hit with SQL Injection attacks. I grep through the log files, find out where they got in and patch it up and any other places where the same code is used. One site I’ve probably audited five times, but it seems like I always miss a hole.

The HP Security Laboratory released a new piece of free (as in beer) software today called Scrawlr that scans your site and finds any openings. I ran it on a few of the sites I support and it found a couple more holes that, when I looked at them, weren’t obvious injection points. The sites are all patched up now and I can sleep again.

Posted June 24th, 2008 5:40 PM

  • Thanks John, glad it worked well for you! If you or your readers have any feedback, we would love to hear it, so please send us your comments!