Wednesday, November 15, 2006

Joel on SQL Injection

Another good post by Joel Spolsky. This is one I've seen happen often myself.

I work in a company where data security is taken seriously and that is the way it should be. We are very aware, and trained, as software developers to try to build our sites as secure as we can make them. I always look for common vulnerabilities in my code, SQL Injection bugs being one of the most common things I look for.

Not only do I want to produce good and secure code, but I would have egg on my face if I failed a penetration test (and we have those done often on our apps) because of such a basic oversight.

Try what Joel did on sites that ask you questions to get you some data. You'll be surprised how prevalent this very serious bug is out there.
