ASP.NET / C# Equivalent of Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP)?

StackOverflow https://stackoverflow.com/questions/1235883

Question

Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that might have a sql injection vulnerability.

That tool seems to only support vbscript ("The tool understands only ASP code that is written in VBScript"), and I think it only supports Classic ASP even for VBscript. I'm wondering if there is a tool with a similar approach capable of working with ASP.NET code, especially C# ASP.NET code.

Was it helpful?

Solution

You could take a look at the Microsoft Code Analysis Tool for .Net (CAT.NET) You can find a download here http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en

Also it's discussed on the Microsoft Security Tools Blog

OTHER TIPS

I don't think there's a .NET version of that tool. If you are using parameters (which you should do most of the time,) you are not vulnerable to most of the SQL injection attacks.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top