AKA – WebInspect Lite. A free download.
In past months there have been several waves of SQL injection attacks that hook malicious software into legitimate sites. End users’ machines that get infected are able to google for additional vulnerable sites and attack them, turning what used to be a skilled attack into a web application worm. I wrote about this earlier.
HP has created a very trimmed-down version of its WebInspect software that is able to crawl a website looking for SQL injection vulnerabilities. This scanner looks for ONLY one type of vulnerability and is not a full-blown application security suite. It should not be used as such, but as a quick audit that your site is not the low-hanging fruit that gets turned into a portal for malicious software.
Since a lot of the websites getting pwned are ASP sites, Microsoft released a security advisory that recommends this scanner as one of several steps website administrators/designers should take to secure their sites. If that title applies to you, it is your RESPONSIBILITY to protect the public by protecting your site.
