Incase you are unfamiliar, there is a good article up on securitydocs.com exaplaining what a sql injection attack is and giving some practical examples on how they work and how easily they can be executed.

It seems to do this by looking at how your code deals with input accepted from the Request.Form and Request.Querystring and making sure it goes through some kind of filtering.  Anyway- have a butchers at the tool yourself. The article title is "The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code" and the applications name is "msscasi_asp.exe"- i only mention this as Microsoft seem to frequently reshuffle their pages breaking loads of links so you may some to this article and find just a 404 so this will allow you to do a site search!

The article also makes a mention of a similar tool created by HP called scrawlr which is available here

Related posts:

• WatiN Testing Tools
• Random Band Generator!
• Runaway Sharepoint 2003 Indexing!