In the previous blog post, it was mentioned that a common cause of domestic websites being compromised is SQL injection.
So, apart from paying attention during web development, are there any effective tools to counter SQL injection attacks?
Today, the security teams at Microsoft and HP have collaborated to release three tools:
1. **Microsoft SQL Injection Source Code Scanner**: Microsoft Source Code Analyzer for SQL Injection (MSCASI). This tool is designed for website developers. It is a static scanner for ASP code that can identify vulnerabilities related to first-order and second-order SQL injection attacks.
Tool download link: [http://support.microsoft.com/kb/954476](http://support.microsoft.com/kb/954476)
2. **HP’s Scrawlr tool**: This tool can be used by website administrators. It is a black-box scanning tool that does not require source code. You specify a starting URL for scanning. While it cannot precisely locate code vulnerabilities (since it is a black-box test), it is still effective in identifying potential issues.
Tool download link: [http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx](http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx)
3. **Microsoft’s URLScan 3.0 Beta**: This tool can also be used by website administrators. It is an input filtering tool. If you discover that your site has been attacked by SQL injection, you can use this tool to filter out malicious inputs while the code vulnerabilities are being patched. Of course, fixing the vulnerabilities in the code is the true solution for completely avoiding SQL injection attacks.
Tool download link: [http://blogs.iis.net/wadeh/archive/2008/06/05/urlscan-v3-0-beta-release.aspx](http://blogs.iis.net/wadeh/archive/2008/06/05/urlscan-v3-0-beta-release.aspx)
There is further description available on SWI’s blog: [http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx](http://blogs.technet.com/swi/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx)
So, how do these three tools work together? Below is an example:
**Step 1**: The website administrator uses Scrawlr to scan the website to check for SQL injection vulnerabilities.
**Step 2**: After discovering vulnerabilities, the administrator notifies the developers. The developers then use MSCASI to perform a static scan of the ASP source code to determine which parts of the code are causing the SQL injection vulnerabilities.
**Step 3**: While the developers are patching the vulnerabilities, the administrator can use URLScan to filter out possible malicious inputs, keeping the website protected in the meantime.
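To make Step 2 and the code fix concrete, here is an added example (not code from the post or from any of the three tools) of the classic ASP patterns MSCASI is built to report, first-order and second-order string concatenation, next to the parameterized ADODB.Command form the developers should rewrite them to. The table, column, request-parameter and connection-string names are assumed for illustration.

```asp
<%
' Added example, not the post's own code. "Users", "Orders", the column
' names and Application("ConnString") are assumed names for illustration.
Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")

' --- Vulnerable: first-order SQL injection ---
' Untrusted request input is concatenated straight into the SQL text.
' This is the pattern a static scanner such as MSCASI reports.
Dim userName, rs
userName = Request.QueryString("user")
Set rs = conn.Execute("SELECT Id, Email FROM Users WHERE Name = '" & userName & "'")

' --- Vulnerable: second-order SQL injection ---
' The value comes from the database, not the request, but it was stored
' from user input earlier, so splicing it into a new query is just as unsafe.
Dim rs2
If Not rs.EOF Then
    Set rs2 = conn.Execute("SELECT * FROM Orders WHERE Email = '" & rs("Email") & "'")
End If

' --- Fixed: parameterized ADODB.Command ---
' The SQL text is fixed at authoring time; the user value travels as a
' typed parameter and cannot change the structure of the statement.
Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT Id, Email FROM Users WHERE Name = ?"
cmd.CommandType = 1                                  ' adCmdText
' CreateParameter(Name, Type, Direction, Size, Value): 200 = adVarChar, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("@name", 200, 1, 50, userName)
Set rs = cmd.Execute

' The same pattern closes the second-order hole: the stored value is
' bound as a parameter rather than concatenated into the query text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT * FROM Orders WHERE Email = ?"
cmd.CommandType = 1
If Not rs.EOF Then
    cmd.Parameters.Append cmd.CreateParameter("@email", 200, 1, 255, rs("Email"))
    Set rs2 = cmd.Execute
End If
%>
```

URLScan can only block request patterns it recognises; the parameterized form removes the vulnerability regardless of what the request contains.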
The combined use of these three tools can significantly reduce the likelihood of a website being compromised. To be honest, there are far too many websites being compromised these days!