Bryan Sullivan's Web Blog : sql injectionhttp://blogs.msdn.com/bryansul/archive/tags/sql+injection/default.aspxTags: sql injectionen-USCommunityServer 2.1 SP1 (Build: 61025.2)SQL injection in classic ASPhttp://blogs.msdn.com/bryansul/archive/2008/05/30/sql-injection-in-classic-asp.aspxFri, 30 May 2008 19:05:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:8563585bryansul0http://blogs.msdn.com/bryansul/comments/8563585.aspxhttp://blogs.msdn.com/bryansul/commentrss.aspx?PostID=8563585<P><SPAN style="FONT-SIZE: 11pt; FONT-FAMILY: 'Calibri','sans-serif'; mso-ascii-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-fareast-font-family: PMingLiU; mso-fareast-theme-font: minor-fareast; mso-bidi-theme-font: minor-bidi; mso-fareast-language: ZH-TW; mso-ansi-language: EN-US; mso-bidi-language: AR-SA">In light of the recent wake of SQL injection attacks on&nbsp;ASP sites, I'd like to highlight some&nbsp;relevant&nbsp;resources for learning about and&nbsp;responding to&nbsp;the threat.</SPAN></P> <P><SPAN style="FONT-SIZE: 11pt; FONT-FAMILY: 'Calibri','sans-serif'; mso-ascii-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-fareast-font-family: PMingLiU; mso-fareast-theme-font: minor-fareast; mso-bidi-theme-font: minor-bidi; mso-fareast-language: ZH-TW; mso-ansi-language: EN-US; mso-bidi-language: AR-SA">Bala Neerumalla has&nbsp;written a detailed document for <A class="" href="http://msdn.microsoft.com/en-us/library/cc676512.aspx" mce_href="http://msdn.microsoft.com/en-us/library/cc676512.aspx">preventing SQL injection in ASP</A> (that is, classic ASP, not ASP.NET).</SPAN></P> <P><SPAN style="FONT-SIZE: 11pt; FONT-FAMILY: 'Calibri','sans-serif'; mso-ascii-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-fareast-font-family: PMingLiU; mso-fareast-theme-font: minor-fareast; mso-bidi-theme-font: minor-bidi; mso-fareast-language: ZH-TW; mso-ansi-language: EN-US; mso-bidi-language: AR-SA">The Security Vulnerability Research &amp; Defense blog has posted an <A class="" href="http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx" mce_href="http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx">analysis of the attack</A>, along with guidance recommendations for IT/database admins, web developers, and end users.</SPAN></P> <P><SPAN style="FONT-SIZE: 11pt; FONT-FAMILY: 'Calibri','sans-serif'; mso-ascii-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-fareast-font-family: PMingLiU; mso-fareast-theme-font: minor-fareast; mso-bidi-theme-font: minor-bidi; mso-fareast-language: ZH-TW; mso-ansi-language: EN-US; mso-bidi-language: AR-SA">Finally, Michael Howard recently wrote a post on the SDL blog on&nbsp;<A class="" href="http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx" mce_href="http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx">SQL injection defenses</A> required by the SDL.</SPAN></P> <P><SPAN style="FONT-SIZE: 11pt; FONT-FAMILY: 'Calibri','sans-serif'; mso-ascii-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-fareast-font-family: PMingLiU; mso-fareast-theme-font: minor-fareast; mso-bidi-theme-font: minor-bidi; mso-fareast-language: ZH-TW; mso-ansi-language: EN-US; mso-bidi-language: AR-SA"></SPAN>&nbsp;</P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=8563585" width="1" height="1">sql injection