Microsoft Source Code Analyzer for SQL Injection
Brief Description
Community Technology Preview (July 2008)
Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks.
On This Page
Quick Details
| File Name: | msscasi_asp_pkg.exe |
| Version: | 1.3 |
| Knowledge Base (KB) Articles: | KB954476 |
| Date Published: | 7/11/2008 |
| Language: | English |
| Download Size: | 2.0 MB |
| Estimated Download Time: | 5 min 56K |
Overview
In response to the recent mass SQL injection attacks, Microsoft has developed a new static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Web developers can run the tool on their ASP source code to identify the root cause of the attack and address them to reduce their exposure to future attacks. The tool will scan ASP source code and generate warnings related to first order and second order SQL Injection vulnerabilities. The tool also provides annotation support that can be used to improve the analysis of the code. 
Top of page
System Requirements
- Supported Operating Systems: Windows Server 2003 Service Pack 1; Windows Server 2008; Windows Vista; Windows XP Service Pack 2
Top of page
Instructions
Perform the following steps to download and install the Microsoft Source Code Analyzer for SQL Injection:
- Download msscasi_asp_pkg.exe to a temporary directory.
- Run msscasi_asp_pkg.exe.
- Enter an installation directory when prompted.
- After extracting the files, read the usage section of the Readme.htm file for next steps.
Top of page
Top of page
What Others Are Downloading
Top of page
