Microsoft released two new SQL injection defense and detection tools, URLScan 3.0 and Microsoft Source Code Analyzer for SQL Injection (MSCASI). In addition, HP Scrawlr , a SQL injection detection tool developed by HP Web Security Research Group in conjunction with Microsoft is announced seperately.
Each of these tools works differently and each attacks the SQL injection problem from a different angle, and in combination they complement each other well. MSCASI analyzes classic ASP source code to find potential SQL injection vulnerabilities. It can detect both first- and second-order SQL injection bugs and will point you to the exact line of source code where the error occurs.