Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks.
Perform the following steps to download and install the Microsoft Source Code Analyzer for SQL Injection:
1. Download msscasi_asp_pkg.exe to a temporary directory.
2. Run msscasi_asp_pkg.exe.
3. Enter an installation directory when prompted.
4. After extracting the files, read the usage section of the Readme.htm file for next steps.
Abstract courtesy : Microsoft
Reference : Pinal Dave (http://blog.SQLAuthority.com)