HP and Microsoft have released two tools for analyzing code in search of SQL injection:
- HP Scrawlr: Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly.
- Microsoft Source Code Analyzer for SQL Injection: Microsoft Source Code Analyzer for SQL Injection is a static dataflow analysis tool to help find SQL Injection vulnerabilities in Active Server Pages (ASP) code.
The Security Vulnerability Research & Defense blog has a comparison of Scrawlr, MSCASI and UrlScan.