Microsoft has taken UrlScan Filter 3.0 out of Beta development stage and made the tool available for download. The UrlScan 3.0 filter can easily be deployed to prevent SQL injection attacks.

The gold code of UrlScan 3.0 that went live on the Microsoft Download Center on August 21 is designed to integrate seamlessly with Internet Information Services 5.1, 6.0 and 7.0 running on top of Windows Server 2008, Windows Server 2003, Windows Vista and Windows XP.

"UrlScan v3.0 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being processed by web applications on the server. UrlScan v3.0 has feature upgrades and fixes from its predecessor (v2.5) such as the ability to scan query strings, the ability to custom tailor rules that scan parts of your HTTP requests and many others.

The UrlScan 3.0 filter can easily be deployed to mitigate SQL injection attacks while the root cause is being fixed. Remember, UrlScan 3.0 is merely a stopgap giving you time to address flaws in Web application code that might make it vulnerable to SQL injection attacks – not fixing the root cause allows the risk to remain.

Download at source
Source