<head>
<style type="text/css">
p.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
a:link
{font-family:"Times New Roman","serif";
color:blue;
text-decoration:underline;
text-underline:single;
}
p.MsoListParagraph
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
ul
{margin-bottom:0in;}
li.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
table.MsoNormalTable
{font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
table.MsoTableGrid
{border:solid black 1.0pt;
font-size:10.0pt;
font-family:"Calibri","sans-serif";
}
p.MsoListParagraphCxSpFirst
{margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
p.MsoListParagraphCxSpLast
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:.5in;
line-height:115%;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
}
</style>
</head>
<p align="center" class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;
text-align:center">
<span style="font-size:14.0pt;mso-bidi-font-size:11.0pt;
line-height:115%">Microsoft Source Code Analyzer for SQL Injection<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-top:0in;margin-right:0in;margin-bottom:0in;
margin-left:.5in;margin-bottom:.0001pt;text-align:justify;text-indent:.5in">
[This is pre-release documentation and is subject to change in future releases]</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool
to help find SQL Injection vulnerabilities in Active Server Pages (ASP) code.
This document outlines tool usage, how to review the results from the tool,
available annotation support and how to mitigate the identified vulnerabilities.</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
Topics covered in this document</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#Prerequisites">Pre-Requisites</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#SQLInjections">SQL Injection issues in ASP</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#Usage">Usage</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#Reviewingoutput">Reviewing the output</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#AnnotationSupport">Annotation Support</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#Limitations">Limitations</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#ANTLR3License">ANTLR License</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a href="#Resources">Resources</a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a name="Prerequisites"><b style="mso-bidi-font-weight:normal"><u>
<span style="font-size:14.0pt;mso-bidi-font-size:11.0pt;line-height:115%">
Pre-Requisites</span></u></b></a><b style="mso-bidi-font-weight:normal"><u><span style="font-size:14.0pt;
mso-bidi-font-size:11.0pt;line-height:115%"><o:p></o:p></span></u></b></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
The command-line tool requires the following software:</p>
<p class="MsoListParagraph" style="margin-bottom:0in;margin-bottom:.0001pt;
mso-add-space:auto;text-indent:-.25in;mso-list:l0 level1 lfo4">
<![if !supportLists]>
<span style="font-family:Symbol;mso-fareast-font-family:Symbol;mso-bidi-font-family:
Symbol"><span style="mso-list:Ignore">&middot;<span
style="font:7.0pt 'Times New Roman'">
</span></span></span><![endif]>.NET Framework 3.0</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a name="SQLInjections"><b style="mso-bidi-font-weight:normal"><u>
<span style="font-size:14.0pt;mso-bidi-font-size:11.0pt;line-height:115%">SQL
Injection issues in ASP<o:p></o:p></span></u></b></a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
If user-supplied data from ASP's Request.Form or Request.QueryString collections
is used to construct dynamic SQL statements without any data validation, then
attackers can inject SQL commands into the SQL statement and misuse it. This is
generally referred to as a First Order SQL Injection vulnerability.
</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
If user input is stored in a database by one ASP page and then retrieved
from the database and used to construct dynamic SQL statements in a different
ASP page, then attackers can inject SQL commands into the SQL statement and
misuse it. This is generally referred to as a Second Order SQL Injection
vulnerability.</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
The best way to mitigate these vulnerabilities is to use Parameterized SQL
queries. You can find more information on SQL Injection vulnerabilities in ASP
and ways to mitigate them at
<a href="http://msdn.microsoft.com/en-us/library/cc676512.aspx">
http://msdn.microsoft.com/en-us/library/cc676512.aspx</a>.
</p>
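<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
The following classic ASP page is an added example, not part of the tool's documentation. It shows the first-order and second-order patterns described above (kept as comments) next to their parameterized ADODB.Command replacements. The connection string setting, the Users and Orders tables, and their columns are hypothetical; the ADO constants are defined inline so that adovbs.inc is not required.</p>

```vbscript
<%
' Added example. The connection string setting and the Users/Orders
' tables and columns are hypothetical.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202, MAX_NAME = 50

Dim conn, cmd, rs, orders, userName, storedName
userName = Request.Form("user")
If Len(userName) = 0 Or Len(userName) > MAX_NAME Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")

' First order, vulnerable: request data is concatenated into the statement.
'   Set rs = conn.Execute("SELECT Name FROM Users WHERE Name = '" & userName & "'")

' First order, fixed: the value is bound as a typed parameter and is never
' parsed as SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Name FROM Users WHERE Name = ?"
cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, MAX_NAME, userName)
Set rs = cmd.Execute

' The stored name comes from the database, but it was user input when saved.
storedName = Null
If Not rs.EOF Then storedName = rs("Name").Value
rs.Close

If Not IsNull(storedName) Then
    ' Second order, vulnerable: the stored value is trusted and concatenated.
    '   Set orders = conn.Execute("SELECT Id FROM Orders WHERE Customer = '" & storedName & "'")

    ' Second order, fixed: database-sourced values are bound the same way.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Id FROM Orders WHERE Customer = ?"
    cmd.Parameters.Append cmd.CreateParameter("customer", adVarWChar, adParamInput, MAX_NAME, storedName)
    Set orders = cmd.Execute
    Do Until orders.EOF
        Response.Write Server.HTMLEncode(CStr(orders("Id").Value)) & "<br>"
        orders.MoveNext
    Loop
    orders.Close
End If
conn.Close
%>
```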
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
The Microsoft Source Code Analyzer for SQL Injection helps you find some of
these issues automatically.</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<a name="Usage"><b style="mso-bidi-font-weight:normal"><u>
<span style="font-size:
14.0pt;mso-bidi-font-size:11.0pt;line-height:115%">Usage<o:p></o:p></span></u></b></a></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
msscasi_asp.exe [/nologo] [/quiet] [/suppress=num;..;num] [/GlobalAsaPath=path]
[/IncludePaths=path;..;path] /Input=file.asp</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
Description:</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<span style="mso-tab-count:1">
</span>This tool analyzes ASP code for SQL Injection vulnerabilities.</p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt">
<o:p> </o:p></p>