Archives
-
How IIS can help with SQL Injection
2008 has been a busy year for attackers exploiting SQL Injection vulnerabilities in web applications. Once again, I am finding questions about this subject in my inbox.
-
Filtering for SQL Injection on IIS 7 and later
This article is specific to IIS 7 and later. If you are using IIS 6.0 or earlier, please see this article.
-
Filtering for SQL Injection on IIS 6 and earlier
This article is specific to IIS 6 and earlier. If you are using IIS 7.0 or later, please see this article.
-
UrlScan 3.1
Earlier this year, it came to our attention that our customers were being subjected to a SQL Injection attack. In response to that, we updated the venerable UrlScan filter and released version 3.0 with new features that provide tools to provide some mitigation and allow users to address issues in their affected applications.
-
UrlScan v3.0 Beta Release
The IIS team has some street smarts when it comes to security.