HP Writes Scrawlr For SQL Injection Detection
David Utter, Staff Writer
2008-06-25
A recent spate of thousands of SQL injection attacks across the Internet created the need for a tool to diagnose a website's potential vulnerability to them.
One can't fix a problem without discovering the problem first, but in the case of security pros tasked with protecting websites from code injection attacks, the challenge looked painstaking at best.
Tech giant HP responded to the need for a better testing tool by releasing a freely available tool called Scrawlr. HP developed Scrawlr in response to a request from Microsoft; it was Microsoft's IIS/ASP combo that appeared to be targeted by the injection attacks.
The attacks reached out to other sites based on PHP applications as well, demonstrating the necessity for a broader approach to finding weak spots in websites.
"Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities," HP said of the tool. When it finds a problem, Scrawlr can display the type of database being used on the back-end, along with a list of available table names.
As a free variant of HP's commercial offerings, Scrawlr lacks some of the features of HP's premium products. But because it costs nothing, Scrawlr merits a look from security pros. Even one vulnerability found could be the difference between a secure site and a headline about a security breach.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.