Microsoft Source Code Analyzer for SQL Injection

Brief Description

Community Technology Preview (July 2008)
Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks.

Overview

In response to the recent mass SQL injection attacks, Microsoft has developed a new static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Web developers can run the tool on their ASP source code to identify the root cause of the attack and address them to reduce their exposure to future attacks. The tool will scan ASP source code and generate warnings related to first order and second order SQL Injection vulnerabilities. The tool also provides annotation support that can be used to improve the analysis of the code.

Top of page

System Requirements

Supported Operating Systems: Windows Server 2003 Service Pack 1; Windows Server 2008; Windows Vista; Windows XP Service Pack 2

.NET framework 2.0

Top of page

Instructions

Perform the following steps to download and install the Microsoft Source Code Analyzer for SQL Injection:

Download msscasi_asp_pkg.exe to a temporary directory.
Run msscasi_asp_pkg.exe.
Enter an installation directory when prompted.
After extracting the files, read the usage section of the Readme.htm file for next steps.

Top of page