SQL injection attacks are becoming as prolific as viruses: It seems every time you turn around, there are new reports about Web sites that have been affected by these attacks. For example, SQL injection attacks infiltrated the Department of Homeland Security's (DHS's) Web site and defaced the United Nations Web site. As SQL injection attacks become more common, you need to fully understand what you're up against so that you can properly protect your organization.
To arm yourself against SQL injection attacks, I suggest reading security expert Mark Joseph Edwards Security Matters blog on the Windows IT Pro Web site. His blog includes several posts that not only provide information about how the latest SQL injection attack tools work (as in his blog post "SQL Injection Attack Tool Spreading"), but also discuss how to prevent such attacks on your SQL Server and Oracle systems (as in his blog post "New Tricks For SQL Injection Attacks"). I also recommend reading the following SQL Server Magazine and Windows IT Pro articles, which provide more information about how to prevent SQL injection attacks:
To find out more about what SQL injection attacks involve, go to http://en.wikipedia.org/wiki/SQL_injection.