Reputation: 10216
ASP.NET / C# Equivalent of Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP)?
Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that might have a sql injection vulnerability.
That tool seems to only support vbscript ("The tool understands only ASP code that is written in VBScript"), and I think it only supports Classic ASP even for VBscript. I'm wondering if there is a tool with a similar approach capable of working with ASP.NET code, especially C# ASP.NET code.
Upvotes: 4
Views: 2162
Answers (2)
Reputation: 129
You could take a look at the Microsoft Code Analysis Tool for .Net (CAT.NET) You can find a download here http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en
Also it's discussed on the Microsoft Security Tools Blog
Upvotes: 4
Reputation: 421978
I don't think there's a .NET version of that tool. If you are using parameters (which you should do most of the time,) you are not vulnerable to most of the SQL injection attacks.
Upvotes: 0
Related Questions
- Visual Studio Db project with custom static code analyzer
- Pentesting a website for SQL Injection
- SQL Server static Analysis tool?
- Is there a static analysis tool for identifying sql injection for php/mysql
- Check for SQL Keywords in C#
- c# website - analysing code and queries
- Seeking a Code Analysis Tool for ASP.Net
- Sql's query analyzer for visual studio
- Anybody written a tool for static analysis of an ASP.NET MVC application?