Rajeeshcv.com

Today I found a tool called Scrawlr that will help you to detect SQL injection loop holes in your web application. I hope it will be a good add-on to your archery against security attacks.

For those who don't know what is SQL injection –

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

Get more details about Scrawlr from here Check this

I think, you have all created session variables inside an asp.net application. Then how the web server is knows you are the same guy created that session when the successive request goes to the server. Before explain this, we have to think that every request that we sent from a web browser is considered as a new request by the IIS. This is the behavior of every web application i.e. the state less nature. For example if you open a url, first the browser sent a request for the default document. Then the browser parses the HTML response and it sends another set of requests based on the required images, scripts that are included in that page. Read more...