Dark Reading

A Weapon Against SQL Injection

The single most common database security inquiry I get is, "What's this whole stored procedure parameter thing, and how does it help with SQL injection?"With the Albert Gonzales hearings under way, ...
Ars Technica

Google crawler tricked into performing SQL injection attacks using decade-old techniq

If the attacker wants to receive some output of the database he could combine an sql injection with an html injection. First inject malicious html in the databse, then the html will be put in the site ...