SQLInjection攻击检测工具资源-CSDN文库

共10个文件

dll：4个

exe：2个

manifest：1个

SQL

Injection攻击检测工具

需积分: 10 200 浏览量 2009-04-25 14:05:57 上传评论收藏 2.91MB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

SQL Injection攻击检测工具.rar （10个子文件）

SQL Injection攻击检测工具

msscasi_asp_pkg.exe 1.43MB

Microsoft Source Code Analyzer for SQL Injection

msvcm90.dll 220KB

msvcr90.dll 641KB

Microsoft.Analysis.AspParser.dll 101KB

Readme.html 207KB

Microsoft.VC90.CRT.manifest 524B

license.rtf 144KB

msscasi_asp.exe 4.5MB

msvcp90.dll 556KB

urlscan_v3_beta_x86.msi 346KB

<head> <style type="text/css"> p.MsoNormal {margin-top:0in; margin-right:0in; margin-bottom:10.0pt; margin-left:0in; line-height:115%; font-size:11.0pt; font-family:"Calibri","sans-serif"; } a:link {font-family:"Times New Roman","serif"; color:blue; text-decoration:underline; text-underline:single; } p.MsoListParagraph {margin-top:0in; margin-right:0in; margin-bottom:10.0pt; margin-left:.5in; line-height:115%; font-size:11.0pt; font-family:"Calibri","sans-serif"; } ul {margin-bottom:0in;} li.MsoNormal {margin-top:0in; margin-right:0in; margin-bottom:10.0pt; margin-left:0in; line-height:115%; font-size:11.0pt; font-family:"Calibri","sans-serif"; } table.MsoNormalTable {font-size:11.0pt; font-family:"Calibri","sans-serif"; } table.MsoTableGrid {border:solid black 1.0pt; font-size:10.0pt; font-family:"Calibri","sans-serif"; } p.MsoListParagraphCxSpFirst {margin-top:0in; margin-right:0in; margin-bottom:0in; margin-left:.5in; margin-bottom:.0001pt; line-height:115%; font-size:11.0pt; font-family:"Calibri","sans-serif"; } p.MsoListParagraphCxSpLast {margin-top:0in; margin-right:0in; margin-bottom:10.0pt; margin-left:.5in; line-height:115%; font-size:11.0pt; font-family:"Calibri","sans-serif"; } </style> </head> Microsoft � Source Code Analyzer for SQL Injection<o:p></o:p> [This is pre-release documentation and is subject to change in future releases] <o:p> </o:p> Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool to help find SQL Injection vulnerabilities in Active Server Pages (ASP) code. This document outlines tool usage, how to review the results from the tool, available annotation support and how to mitigate the identified vulnerabilities. <o:p> </o:p> Topics covered in this document <a href="#Prerequisites">Pre-Requisites</a> <a href="#SQLInjections">SQL Injection issues in ASP</a> <a href="#Usage">Usage</a> <a href="#Reviewingoutput">Reviewing the output</a> <a href="#AnnotationSupport">Annotation Support</a> <a href="#Limitations">Limitations</a> <a href="#ANTLR3License">ANTLR License</a> <a href="#Resources">Resources</a> <o:p> </o:p> <a name="Prerequisites"> Pre-Requisites</a><o:p></o:p> The command line tool requires the following software <![if !supportLists]> �         <![endif]>.NET Framework 3.0 <o:p> </o:p> <a name="SQLInjections"> SQL Injection issues in ASP<o:p></o:p></a> If user-supplied data from ASP�s Request.Form or Request.Querystring collections is used to construct dynamic SQL statements without any data validation, then attackers can inject SQL commands into the SQL statement and misuse it. This is generally referred to as First Order SQL Injection vulnerability. <o:p> </o:p> If user input is stored in a database by using one ASP page and then retrieved from the database and used to construct dynamic SQL statements in a different ASP page, then attackers can inject SQL commands into the SQL statement and misuse it. This is generally referred to as Second Order SQL Injection vulnerability. <o:p> </o:p> The best way to mitigate these vulnerabilities is to use Parameterized SQL queries. You can find more information on SQL Injection vulnerabilities in ASP and ways to mitigate them at <a href="http://msdn.microsoft.com/en-us/library/cc676512.aspx"> http://msdn.microsoft.com/en-us/library/cc676512.aspx</a>. <o:p> </o:p> The Microsoft � Source Code Analyzer for SQL Injection helps you find some of these issues automatically. <o:p> </o:p> <a name="Usage"> Usage<o:p></o:p></a> msscasi_asp.exe [/nologo] [/quiet] [/suppress=num;..;num] [/GlobalAsaPath=path] [/IncludePaths=path;..;path] /Input=file.asp <o:p> </o:p> Description:                 This tool analyzes ASP code for SQL Injection vulnerabilities. <o:p> </o:p> <p class="MsoNormal" style="margin-bottom:0in;mar

评论收藏

内容反馈