Mike Ormond's Blog

Musings on mobile development and Windows Phone 7 in particular.

Securing Against SQL Injection


Anything that can be done to make it easier to build more secure applications has to be a good thing. I spotted that yesterday we announced three new tools to help identify and protect against potential SQL injection issues in ASP.NET and classic ASP applications.

  • HP Scrawlr
    • A black-box analysis tool that can be pointed at a site, which it then scans for potential SQL injection vulnerabilities by building a site map, sending HTTP requests with attack strings, and examining the responses for messages that might indicate a vulnerability
  • UrlScan version 3.0 Beta
    • A request "filtering" tool for IIS that can block specific types of requests so they will never be processed
  • Microsoft Source Code Analyzer for SQL Injection
    • Scans your classic ASP source to find code susceptible to SQL injection attack

More details on all of these can be found in Microsoft Security Advisory (954462) - Rise in SQL Injection Attacks Exploiting Unverified User Data Input.
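To show the kind of check a source scanner for classic ASP makes, the following is an added example; it is not code from this post and not the algorithm of Microsoft's analyzer. It flags `Execute`/`Open` calls whose argument is built from `Request` data, assuming one VBScript statement per line; `scan_asp` and the sample page are constructed for illustration.

```python
import re

# Constructed classic ASP (VBScript) sample; not taken from any real application.
SAMPLE_ASP = '''<%
Dim id, name, sql, safeSql
id = Request.QueryString("id")
name = Request.Form("name")
sql = "SELECT * FROM Products WHERE ProductID = " & id
Set rs = conn.Execute(sql)
safeSql = "SELECT * FROM Products WHERE Discontinued = 0"
Set rs2 = conn.Execute(safeSql)
conn.Execute "UPDATE Users SET Name = '" & name & "' WHERE Active = 1"
%>'''

ASSIGN = re.compile(r'^\s*(?:Set\s+)?(\w+)\s*=\s*(.+)$', re.I)
# Sources: Request("x") and Request.<collection>("x")
REQUEST = re.compile(r'\bRequest(?:\.(?:QueryString|Form|Cookies|ServerVariables))?\s*\(', re.I)
# Sinks: obj.Execute <expr> / obj.Open <expr>, with or without parentheses
EXECUTE = re.compile(r'\.\s*(?:Execute|Open)\b\s*\(?\s*(.+)$', re.I)
STRING_LITERAL = re.compile(r'"(?:[^"]|"")*"')  # VBScript escapes a quote as ""

def idents(expr):
    """Identifiers used in expr, ignoring text inside string literals."""
    return {t.lower() for t in re.findall(r'[A-Za-z_]\w*', STRING_LITERAL.sub('""', expr))}

def is_tainted(expr, tainted):
    """True if expr reads Request directly or uses a variable already marked tainted."""
    return bool(REQUEST.search(STRING_LITERAL.sub('""', expr))) or bool(idents(expr) & tainted)

def scan_asp(source):
    """Return (line_no, statement) for each Execute/Open whose argument derives from Request."""
    tainted, findings = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith("'"):          # VBScript comment line
            continue
        sink = EXECUTE.search(code)
        if sink and is_tainted(sink.group(1), tainted):
            findings.append((no, code))
        m = ASSIGN.match(code)
        if m:                             # propagate or clear taint on assignment
            var, rhs = m.group(1).lower(), m.group(2)
            if is_tainted(rhs, tainted):
                tainted.add(var)
            else:
                tainted.discard(var)
    return findings

if __name__ == "__main__":
    for no, stmt in scan_asp(SAMPLE_ASP):
        print(f"line {no}: possible SQL injection: {stmt}")
```

Findings from a check like this are candidates for review; the usual fix is to replace the concatenated statement with a parameterized command.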
