Microsoft released The Microsoft Source Code Analyzer for SQL Injection tool (for ASP code) is available to find SQL injection vulnerabilities [more]

The Microsoft Source Code Analyzer for SQL Injection tool is a static code analysis tool that helps you find SQL injection vulnerabilities in Active Server Pages (ASP) code. This article describes how to use the tool, the warnings that are generated by the tool, and the limitations of the tool. See the tool Readme document for more information.

Note that this is a static source code analyzer and thus must be run in the machine (IMHO, preferably not in production - though since it analyzes source code it is non intrusive) where the source code resides.