This post reviews the concept of SQL Injection attacks, introduces URLScan 3.0, and discusses how to configure URLScan 3.0 to block a SQL Injection attack that uses the Cookie header of an HTTP request as its attack vector.
What is a SQL Injection Attack? There is a wealth of information online about SQL Injection attacks and how to avoid them. As explained on MSDN, a SQL Injection attack is “..an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.” (http://msdn.microsoft.com/en-us/library/ms161953.aspx). It is important to keep SQL Injection attacks in mind if you host a web application on IIS that accepts user input (for example, from a form on a web page) and passes it to a backend database.
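The following is an added example, not code from the original post or from Microsoft. It uses Python and an in-memory SQLite database with constructed sample rows as a stand-in for the IIS application and SQL Server backend, and it shows the attack vector this post is about: a value taken from the Cookie header being concatenated into a query. The cookie name (`user`), the table layout and the rows are all assumptions made for the example. The vulnerable lookup lets a crafted cookie value change the WHERE clause; the hardened lookup binds the same value as a parameter, so the database only ever sees it as data.

```python
import sqlite3

# Constructed sample data for the example; not from any real system.
SAMPLE_USERS = [
    ("alice", "user"),
    ("bob", "user"),
    ("carol", "admin"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def parse_cookie_header(header):
    """Minimal Cookie header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, _, value = part.strip().partition("=")
            cookies[name] = value
    return cookies


def lookup_vulnerable(conn, cookie_header):
    """Vulnerable: the cookie value is pasted into the SQL text, so quote
    characters in it are parsed as SQL rather than treated as data."""
    user = parse_cookie_header(cookie_header).get("user", "")
    sql = "SELECT name, role FROM users WHERE name = '" + user + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, cookie_header):
    """Hardened: the cookie value is bound as a query parameter. The SQL text
    is fixed, and the value can only ever match (or fail to match) a name."""
    user = parse_cookie_header(cookie_header).get("user", "")
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (user,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A normal request carrying the assumed 'user' cookie.
    benign = "session=abc123; user=alice"
    # A request whose cookie value carries SQL syntax (constructed test input).
    crafted = "session=abc123; user=x' OR '1'='1"
    print("vulnerable, benign :", lookup_vulnerable(db, benign))
    print("vulnerable, crafted:", lookup_vulnerable(db, crafted))
    print("hardened, benign   :", lookup_hardened(db, benign))
    print("hardened, crafted  :", lookup_hardened(db, crafted))
```

With the benign cookie both lookups return the one matching row. With the crafted cookie the vulnerable lookup returns every row in the table, because the quote in the cookie value closed the string literal and the rest became part of the WHERE clause; the hardened lookup returns nothing, because no user is literally named `x' OR '1'='1`. A request filter such as URLScan can reject such a request before it reaches the application, but parameterized queries are what actually remove the vulnerability.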
What is URLScan 3.0? URLScan 3.0 is Microsoft’s newest version of the popular ISAPI filter that extends the security features already built into IIS. URLScan 3.0 adds some really great features to the IIS security arsenal, particularly in the area of blocking and filtering malicious HTTP requests. URLScan 3.0 is fully supported on IIS 5.1, 6.0, and 7.0. To obtain URLScan 3.0, use one of the links below: