One of the basic but important security issues in web development that you should pay attention to is SQL Injection. Recently HP released a free tool called Scrawlr to test such vulnerabilities.

This tool checks your pages using a simple crawler or Google query and find any SQL Injection problems. This tool can only check issues on GET parameters.

You can check up to 1500 URL in each web site using this free tool.

Download: https://download.spidynamics.com/Products/scrawlr/

It’s so easy to use powerful ASP.NET Membership, Role and Profile provider in a Windows or Console application. Only one key point remains here; you should add an app.config file to your Console or Windows application and include these nodes in that:

<?xml version='1.0' encoding='utf-8'?>
<configuration>
    <connectionStrings>
        <add name="SQLConnString" connectionString="SERVER=(local);DATABASE=SampleApp;UID=sa;PWD=123"/>
    </connectionStrings>
    <system.web>

        <membership defaultProvider="SampleAppMembershipProvider">
            <providers>
                <add name="SampleAppMembershipProvider"
                     connectionStringName="SQLConnString"
                      applicationName="SampleAppMembership"
                      enablePasswordReset="true"
                      enablePasswordRetrieval="false"
                      passwordFormat="Hashed"
                      maxInvalidPasswordAttempts="100"
                      minRequiredPasswordLength="5"
                      minRequiredNonalphanumericCharacters="0"
                      requiresQuestionAndAnswer="false"
                      requiresUniqueEmail="true"
                      passwordAttemptWindow="5"
                      passwordStrengthRegularExpression=""
                      type="System.Web.Security.SqlMembershipProvider" />
            </providers>
        </membership>

        <profile defaultProvider="SampleAppProfileProvider">
            <providers>
                <add name="SampleAppProfileProvider"
                type="System.Web.Profile.SqlProfileProvider"
                connectionStringName="SQLConnString"/>
            </providers>
            <properties>
                <add name="FirstName" type="System.String" />
                <add name="LastName" type="System.String" />
                <add name="Email" type="System.String" />
                <add name="Website" type="System.String" />
                <add name="Address" type="System.String" />
                <add name="Note" type="System.String" />
                <add name="Phone" type="System.String" />
                <add name="Fax" type="System.String" />
                <add name="Feature" type="System.Int32" />
            </properties>
        </profile>

        <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="SampleAppSqlRoleProvider" 
                 cookieName=".ASPXSampleAppROLES" cookiePath="/" cookieTimeout="30" cookieRequireSSL="false" 
                 cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All">
            <providers>
                <clear/>
                <add name="SampleAppSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, 
                      System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
                      connectionStringName="SQLConnString" applicationName="SampleAppRoles"/>
            </providers>
        </roleManager>
    </system.web>
</configuration>