It amazes me (almost) to see the latest news of thousands of Web sites that have been compromised with one of the oldest tricks in the book: SQL Injection. It is almost ridiculously easy to find sites that can be exploited. Michael Sutton of SPIdynamics/HP explains here how he came across more than 80 of them in a small sample by writing some quick code using Google’s APIs.
I wrote a paper on the subject for Breach Security several years ago; it is still relevant, and you can download it here: Breach Anatomy_of_a_Web_Hack.