This is good. I had a dream last night that I found that "script" injection all over my sites again. It requires .NET 3.0, but does anyone know if you have .NET 3.5, will it matter?
No, it won't matter. I have all versions of .NET installed.
How accurate is this tool? I mean, if I run it against installed MODs and such and it says they are OK, can I leave it at that or is there something more I need to do?
You can trust the holes it finds, but if it fails to find any, you cannot conclude the code is bug free. Manual analysis is the only way to be sure the code is safe.
Thanks for the info, Rui! I'll shoot one back at ya. I've used Scrawlr to help find a few vulnerabilities in our applications. Apparently Hewlett Packard was contracted by Microsoft to help come up with some SQL Injection Tools and they offer this one as a freebie now. For whatever it's worth.