• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 536
  • Last Modified:

How to detect for Sql Injection, or any security issue in the asp.net MVC, Lync to Sql, c# code?

Hi,

I need to code review. Website is implemented in Asp.net mVC, c#, Lync to sql. Is there a tool that will run the c# code or run the website to find any sql injection, security issues.

thanks
0
Saroj13
Asked:
Saroj13
  • 2
1 Solution
 
käµfm³d 👽Commented:
Are you using any string-concatenated queries? Are you validating **all** user input, even querystrings and POST values? If you answered no to either, then you are vulnerable to SQL Injection.

There is an article here that discusses a couple of different options (none of which I have used myself):  http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/
0
 
Saroj13Author Commented:
validating using asp.net validators, javascript, custom validation for every input and post values.

is there any tool? Is there any way to secure web.config?
0
 
käµfm³d 👽Commented:
web.config is not served by IIS at all, for obvious security reasons. If someone has gotten your web.config, then you've got bigger problems.

Wait for someone else to comment on testing tools. I haven't used any, so all I could offer you is what could be found in a search.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now