SQLAuthority News – Microsoft Source Code Analyzer for SQL Injection

June 24, 2008

SQL, SQL Server, SQL Tips and Tricks, SQLAuthority News

Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks.

Perform the following steps to download and install the Microsoft Source Code Analyzer for SQL Injection:

1. Download msscasi_asp_pkg.exe to a temporary directory.
2. Run msscasi_asp_pkg.exe.
3. Enter an installation directory when prompted.
4. After extracting the files, read the usage section of the Readme.htm file for next steps.

Download Code Analyzer

Abstract courtesy : Microsoft

Reference : Pinal Dave (https://blog.sqlauthority.com)

Database, SQL Download, SQL Server Security

SQLAuthority News – Release Notes for SQL Server 2008 Release Candidate 0

SQLAuthority Download – SQL Server Cheatsheet

SQL SERVER – Fix : Error : Msg 7311, Level 16, State 2, Line 1 Cannot obtain the schema rowset DBSCHEMA_TABLES_INFO for OLE DB provider SQLNCLI for linked server LinkedServerName

May 4, 2007

SQL SERVER – Introduction to SQL Server Security – A Primer

April 23, 2012

SQL SERVER – One Trick of Handling Dynamic SQL to Avoid SQL Injection Attack?

February 6, 2015

3 Comments. Leave new

Stephen Hill
July 1, 2008 4:21 pm
Hi There,
Does this tool support Asp.net C#?
Cheers
Stephen
Reply
chirag patel
July 5, 2008 11:23 am
can it be run in sql server 2005
Reply
Madhivanan
May 20, 2010 3:05 pm
Pinal,
I have a procedure code that can avoid SQL Injection with the help of derived table
Refer this for more details
Reply