[thelist] FW: Blogs on SQL injection.

Ken Schaefer Ken at adOpenStatic.com
Sat May 31 00:25:46 CDT 2008


Since SQL Injection appears to be a topical issue on the list at the moment

Cheers
Ken


------------------------------------------------------------------------------------------------------------------------
From: MSRC-MVP On Behalf Of Zot O'Connor
Sent: Saturday, 31 May 2008 2:45 PM
To: MSRC-MVP
Subject: Blogs on SQL injection.


We have posted a round of blogs to help people with the SQL injection attacks.  The articles are nothing earth shattering, but we wanted to collect the information that is out there to help end-users, and to give a single place for people to point to help navigate the various KBs and articles.  We also tried to fill in the missing gaps we saw in combating the problem (Classic ASP was #1 request).

We have targeted detection/prevention at the various layers (client, web server, web app, DB).

All of these are new articles in the last few days.  Expect more over the next few weeks.  We are trying to reflect the feedback I received from my inquiries earlier this week.  Please feel free to keep sharing.

Please feel free to link, forward and comment on these articles.  Any feedback you have, please send to me as well.

SWI Blog:
http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx

IIS blog: (Classic ASP a big request I received)
http://blogs.iis.net/nazim/archive/2008/04/28/filtering-sql-injection-from-classic-asp.aspx

Neil on SQL parameterized queries
http://blogs.technet.com/neilcar/archive/2008/05/21/sql-injection-mitigation-using-parameterized-queries.aspx

Michael Howard's how SDL handles this issue:
http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx

MSDN Article on Classic ASP (Though a good primer in general)
http://msdn.microsoft.com/en-us/library/cc676512.aspx


MMPC malware article:
http://blogs.technet.com/antimalware/archive/2008/05/30/when-sql-injections-go-awry-incident-case-study.aspx


