SQL Injection

by Jack Richins

Bruce Schneier linked to this clever use of Google to search for websites vulnerable to SQL Injection.

All I can say is wow! 11.3% of web sites. I would hope these are largely abandoned web sites, but they probably aren’t. If you are using SQL Server, check out this MSDN entry on ways to avoid SQL Injection (and, of course, an explanation of why it’s so bad).