Microsoft released The Microsoft Source Code Analyzer for SQL Injection tool (for ASP code) is available to find SQL injection vulnerabilities [more]
code analysis tool that helps you find SQL injection vulnerabilities in
Active Server Pages (ASP) code. This article describes how to use the
tool, the warnings that are generated by the tool, and the limitations
of the tool. See the tool Readme document for more information.
Note that this is a static source code analyzer and thus must be run in the machine (IMHO, preferably not in production – though since it analyzes source code it is non intrusive) where the source code resides.