<div>
Are you using any string-concatenated queries? Are you validating **<b><i>all</i></b>** user input, even querystrings and POST values? If you answered no to either, then you are vulnerable to SQL Injection.<br />
<br />
There is an article here that discusses a couple of different options (none of which I have used myself): &nbsp;<a href="http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/" rel="ugc">http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/</a>
</div>


Are you using any string-concatenated queries? Are you validating **all** user input, even querystrings and POST values? If you answered no to either, then you are vulnerable to SQL Injection.

There is an article here that discusses a couple of different options (none of which I have used myself):  http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/ [http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/]

<div>
validating using asp.net validators, javascript, custom validation for every input and post values.<br />
<br />
is there any tool? Is there any way to secure web.config?
</div>


validating using asp.net validators, javascript, custom validation for every input and post values.

is there any tool? Is there any way to secure web.config?

<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
I need to code review. Website is implemented in Asp.net mVC, c#, Lync to sql. Is there a tool that will run the c# code or run the website to find any sql injection, security issues.<br />
<br />
thanks
</div>
</div>


Hi,

I need to code review. Website is implemented in Asp.net mVC, c#, Lync to sql. Is there a tool that will run the c# code or run the website to find any sql injection, security issues.

thanks

How to detect for Sql Injection, or any security issue in the asp.net MVC, Lync to Sql, c#  code?

C# is an object-oriented programming language created in conjunction with Microsoft’s .NET framework. Compilation is usually done into the Microsoft Intermediate Language (MSIL), which is then JIT-compiled to native code (and cached) during execution in the Common Language Runtime (CLR).

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications