Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that may have SQL injection vulnerability.
This tool seems to only support vbscript ("The tool only understands ASP code written in VBScript"), and I think it only supports classic ASP, even for VBscript. I am wondering if there is a tool with a similar approach capable of working with ASP.NET code, especially with C # ASP.NET code.
You can take a look at Microsoft Code Analysis Tool for .NET (CAT.NET) You can download here http://www.microsoft.com/downloads/details.aspx?FamilyId=0178e2ef-9da8-445e-9348-c93f24cc9f9d&displaylang=en
It was also discussed on the Microsoft Security Tools Blog.
I do not think there is a .NET version of this tool. If you use parameters (which you should do most of the time), you are not vulnerable to most SQL injection attacks.