|
WebApp Sec
mailing list archives
IIS 6 SQL Injection Prevention ISAPI (GNU License)
From: "Rodney Viana (Plenux)" <rodney () plenux com>
Date: Wed, 13 Feb 2008 08:53:32 -0600
Hi All,
IIS 6 SQL Injection Prevention ISAPI (GNU License):
http://www.codeplex.com/IIS6SQLInjection
I created an ISAPI dll application to prevent SQL Injection attempts by
intercepting the HTTP requests and sanitizing both GET and POST variables
(or any combination of both) before the request reaches the intended code.
This is especially useful for legacy applications not designed to deal with
MS SQL Server Injection attempts. Though this application was designed with
MS SQL Server in mind, it can be used with no or minimal changes with other
database engines.
This ISAPI is only compatible with Internet Information Server (IIS) 6.0
which comes with Windows 2003. Windows XP uses IIS 5 engine which DOES NOT
support ISAPI Wildcard. The source code is included.
Cheers,
Rodney Viana, PMP
MCSE+I MCDBA MCT MCTS MOSS, SQL
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- IIS 6 SQL Injection Prevention ISAPI (GNU License) Rodney Viana (Plenux) (Feb 13)
|
Intro
