[thelist] FW: Blogs on SQL injection.

Ken Schaefer Ken at adOpenStatic.com
Sat May 31 00:25:46 CDT 2008

Since SQL Injection appears to be a topical issue on the list at the moment


From: MSRC-MVP On Behalf Of Zot O'Connor
Sent: Saturday, 31 May 2008 2:45 PM
Subject: Blogs on SQL injection.

We have posted a round of blogs to help people with the SQL injection attacks.  The articles are nothing earth shattering, but we wanted to collect the information that is out there to help end-users, and to give a single place for people to point to help navigate the various KBs and articles.  We also tried to fill in the missing gaps we saw in combating the problem (Classic ASP was #1 request).

We have targeted detection/prevention at the various layers (client, web server, web app, DB).

All of these are new article in the last few days.  Expect more over the next few weeks.  We are trying to reflect the feedback I received from my inquiries earlier this week.  Please feel free to keep sharing.

Please feel free to links, forward and comment on these articles.  Any feedback you have, please send to me as well.

SWI Blog:

IIS blog: (Classic ASP a big request I received)

Neil on SQL parameterized queries

Michael Howard's  how  SDL handles this issue:

MSDN Article on Classic Asp (Though a good primer in general)

MMPC malware article:

More information about the thelist mailing list