http://msmvps.com/blogs/bernard/archive/2008/06/25/how-to-detect-identify-and-defend-against-sql-injection.aspxSQL Injection has been around for many years :) and you probably get over 3 million results when you googled the term. so why is it so HOT now? Well, not so long ago some folks (don&#39;t ask me who!!, go read) were claiming that it was an IIS exploitenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/bernard/archive/2008/06/25/how-to-detect-identify-and-defend-against-sql-injection.aspx#1639058Wed, 02 Jul 2008 02:00:41 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1639058qbernard<p>For the urlscan the the hp scrawlr, both are done via http request and no source code is needed. Again, scarwlr is use to detect, while urlscan is defend, both didn&#39;t fix the issue at root.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1639058" width="1" height="1">http://msmvps.com/blogs/bernard/archive/2008/06/25/how-to-detect-identify-and-defend-against-sql-injection.aspx#1638835Mon, 30 Jun 2008 03:21:02 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1638835walter<p>Unfortunately the URLSCan and Scrawlr only able to detect through SQL Injection that is through querystring. </p> <p>correct?</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1638835" width="1" height="1">