Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 551
  • Last Modified:

How to detect for Sql Injection, or any security issue in the asp.net MVC, Lync to Sql, c# code?

Hi,

I need to code review. Website is implemented in Asp.net mVC, c#, Lync to sql. Is there a tool that will run the c# code or run the website to find any sql injection, security issues.

thanks
0
Saroj13
Asked:
Saroj13
  • 2
1 Solution
 
käµfm³d 👽Commented:
Are you using any string-concatenated queries? Are you validating **all** user input, even querystrings and POST values? If you answered no to either, then you are vulnerable to SQL Injection.

There is an article here that discusses a couple of different options (none of which I have used myself):  http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/
0
 
Saroj13Author Commented:
validating using asp.net validators, javascript, custom validation for every input and post values.

is there any tool? Is there any way to secure web.config?
0
 
käµfm³d 👽Commented:
web.config is not served by IIS at all, for obvious security reasons. If someone has gotten your web.config, then you've got bigger problems.

Wait for someone else to comment on testing tools. I haven't used any, so all I could offer you is what could be found in a search.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now