I came to a company that already has a fully grown project... but coders that worked here before me didn't follow conventions and didn't use parametrized SQL queries... as
You could give the MS Code Analysis Tool a whirl which (quote):
CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.
Never used it myself, but might be worth a try.
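As a first-pass triage before or alongside a binary analyzer like CAT.NET, a small source-level heuristic can list the places where SQL is built from strings rather than passed through parameters. The script below is an added example and is not part of the question, the answer, or CAT.NET: it scans constructed C# lines for SQL literals joined by `+` or interpolated with `$"...{x}"`, and leaves the parameterized `SqlCommand` form alone. The sample lines, the keyword list and the two regexes are assumptions for illustration; a regex cannot follow data flow, so treat hits as candidates to review, not as a complete list.

```python
import re

# Constructed sample C# lines (not from the question's codebase). Lines 1 and 2 build
# SQL by concatenation / interpolation; lines 3-4 use a parameterized command; line 5
# is ordinary string concatenation that should not be flagged.
SAMPLE_SOURCE = """\
var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = '" + name + "'", conn);
var sql = $"DELETE FROM Orders WHERE Id = {orderId}";
var cmd2 = new SqlCommand("SELECT * FROM Users WHERE Name = @name", conn);
cmd2.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
var label = "Total: " + total;
"""

# Statement keywords that mark a string literal as SQL (assumed list; extend as needed).
SQL_KEYWORDS = r"\b(SELECT|INSERT|UPDATE|DELETE|EXEC|MERGE)\b"

# A SQL string literal immediately followed by '+' and something that is not another literal.
CONCAT = re.compile(r'"[^"]*' + SQL_KEYWORDS + r'[^"]*"\s*\+\s*(?!")', re.IGNORECASE)
# An interpolated string ($"...") containing SQL and at least one {placeholder}.
INTERP = re.compile(r'\$"[^"]*' + SQL_KEYWORDS + r'[^"]*\{[^}]+\}', re.IGNORECASE)


def find_dynamic_sql(source: str):
    """Return (line_number, reason, line) for lines that look like SQL assembled from variables."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        if CONCAT.search(line):
            findings.append((n, "concatenation", line.strip()))
        elif INTERP.search(line):
            findings.append((n, "interpolation", line.strip()))
    return findings


if __name__ == "__main__":
    for n, reason, line in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"line {n}: dynamic SQL via {reason}: {line}")
```

Pointing the same function at real files (`find_dynamic_sql(open(path).read())`) gives a worklist of query sites to convert to `SqlCommand.Parameters`; a stored procedure called with `EXEC` plus a concatenated argument is caught by the same rule.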