question

mohsenMJ-8783 avatar image
0 Votes"
mohsenMJ-8783 asked BruceZhang-MSFT edited

Where is Microsoft Source Code Analyzer for SQL Injection?

Hello,
How can I download Microsoft Source Code Analyzer for SQL Injection tool?


Thank you.

windows-serverwindows-server-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

learn2skills avatar image
0 Votes"
learn2skills answered

Hi @mohsenMJ-8783

Refer to the below url
Getting started with Microsoft Source Code Analyzer for SQL Injection
https://techcommunity.microsoft.com/t5/sql-server/getting-started-with-microsoft-174-source-code-analyzer-for-sql/ba-p/383452


If the Answer is helpful, please click Accept Answer and up-vote, so that it can help others in the community looking for help on similar topics.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ErlandSommarskog avatar image
1 Vote"
ErlandSommarskog answered ErlandSommarskog edited

Refer to the below url
Getting started with Microsoft Source Code Analyzer for SQL Injection
https://techcommunity.microsoft.com/t5/sql-server/getting-started-with-microsoft-174-source-code-analyzer-for-sql/ba-p/383452

That article does indeed have a download link. However when you click it, there is nothing to download.

And maybe not that surprising, since the blog post is an announcement for a CTP and it was originally published in 2008.

I don't know anything about this tool, but the Google hits are all quite old. Some refer to a 1.3, but they are not from microsoft.com. It could be that the tool never made RTM, and the CTP is all there was. In any case, it does not seem to be available now.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

learn2skills avatar image
0 Votes"
learn2skills answered

Hi @mohsenMJ-8783

You can refer to the free and open source SQL injection tools.
https://resources.infosecinstitute.com/topic/best-free-and-open-source-sql-injection-tools/


Please let us know if you have further query on this and don’t forget to Accept the answer

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

sreejukg avatar image
0 Votes"
sreejukg answered

You may use Code Analyzer that is available with Visual Studio.

https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/overview

Code quality analysis ("CAxxxx") rules inspect your C# or Visual Basic code for security, performance, design and other issues. Analysis is enabled, by default, for projects that target .NET 5.0 or later. You can enable code analysis on projects that target earlier .NET versions by setting the EnableNETAnalyzers property to true.

See the below rule that will help you to work against SQL Injection vulnerability

https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca3001

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.