Microsoft SQL Injection Security Advisory

Microsoft has released a security advisory in response to the rapid increase in SQL injection attacks that have happened lately. This advisory was released to assist Web site administrators in identifying SQL injection issues within their Web application code, and to provide temporary solutions to mitigate SQL injection attacks against the server. The full advisory can be found at http://www.microsoft.com/technet/security/advisory/954462.mspx

It’s good to see Microsoft release such an advisory with explicit details on how to mitigate current issues and avoid SQL injection in the future. We have seen too many applications vulnerable to SQL injection, no matter if they’re ASP, PHP, Perl, Ruby or anything else. If you’re an ASP developer be sure to read this advisory and implement the listed strategies when coding, if you haven’t already.

Leave a Reply