ZDNet

Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers

There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS (Internet Information Server), but has since ...
Ars Technica

IIS/SQL authentication issue

I'm trying to copy an ASP.NET 2.0 application from one environment to another and having some issues.<BR><BR>The main problem is that the ASP.NET 2.0 application uses integrated authentication on both ...
Visual Studio Magazine

IIS Tool Filters SQL-Injection Attacks

Microsoft’s UrlScan 3.0 is an improved security filter for Internet Information Services Web server designed to prevent SQL-injection attacks. Microsoft released an improved security filter for its ...
Ars Technica

IIS, ASP.NET and SQL Connection Pooling

General question:<BR>We recently switched one of our applications to Application Role security, which mandates (because the backend is SQL2000) that we turn off .NET Connection pooling for the sql ...
CSOonline

APT group hits IIS web servers with deserialization flaws and memory-resident malware

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET ...