1 Microsoft Source Code Analyzer for SQL Injection
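Official download: http://www.microsoft.com/downloads/details.aspx?FamilyId=58A7C46E-A599-4FCB-9AB4-A4334146B6BA&displaylang=en
This tool, known as MSCASI, analyzes ASP code and finds SQL injection vulnerabilities in it (ASP code is notorious for SQL injection vulnerabilities). You supply the source code to MSCASI, and it points out the code locations that are at risk.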
2 URLScan 3.0
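Official download: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1697
This tool makes IIS restrict certain types of HTTP requests; restricting specific HTTP requests prevents some harmful requests from being executed on the server. UrlScan identifies malicious requests through a set of keywords and blocks them from executing.
The following is the introduction from the official website: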
UrlScan version 3.1 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator. Filtering requests helps secure the server by ensuring that only valid requests are processed.
Most malicious attacks share a common characteristic in that the attack involves the use of a request that is unusual in some way. For instance, the request might be extremely long, request an unusual action, be encoded using an alternate character set, or include character sequences that are rarely seen in legitimate requests.
By filtering unusual requests, UrlScan helps prevent such requests from reaching the server and potentially causing damage. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from reaching the server. UrlScan version 3.0 security tool will install on IIS 5.1 and later, including IIS 7.
The UrlScan version 3.1 security tool gives administrators even greater control over UrlScan configuration, providing functionality that helps administrators further secure and lock down the server.
New features include:
The UrlScan version 3.1 security tool helps protect your server from attacks by filtering requests based on rules that you set. The rules enforce processing of only valid requests by the Web server. Even though UrlScan helps provide additional security for your IIS 5.1 or later web server, you should always evaluate and apply the latest security updates from Microsoft. As new security vulnerabilities are discovered, Microsoft publishes updates such as service packs, patches, or hotfixes. To help mitigate any risks such vulnerabilities might present, you need to apply these security updates as they become available.
The following prerequisites must be fulfilled in order to install the new URLScan:
3 Scrawlr
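Official download: https://download.spidynamics.com/Products/scrawlr/
This tool, developed jointly by Microsoft and HP, crawls a website, analyzes the query strings of all its pages, and finds SQL injection risks in them. Scrawlr uses some of the same technology as HP WebInspect, but only checks for SQL injection risks. Starting from an entry URL, Scrawlr crawls the entire site and analyzes every page on it to find possible vulnerabilities.
Recommended portable version: http://www.xdowns.com/soft/8/19/2008/Soft_44111.html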