Are you a startup?
Get BizSpark cloud access
Get up to $3,700 of cloud benefits
Don’t have MSDN?
Here’s cloud access
Microsoft Security Advisory (954462): Rise in SQL Injectsion Attacks Exploiting Unverified User Data provides advice and tools to protect against a rise in SQL injection attacks. A recent escalation in attacks on Web sites exploits unverified user data input. The attacks target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database.
But the vulnerability is not exploited in Web applications that follow best practices to verify user data. The Security Advisory provides phone support for customers in the United States and Canada who may have been affected by the vulnerability. International customers are provided a link where you can get help locally.
The Security Advisory provides an overview of the issues, a section for frequently asked questions, and a series of suggestion actions that includes tools to help idenfify if your site is vulnerable.
To learn more about how you can protect your Web site from SQL Injection, see Microsoft Security Advisory (954462): Rise in SQL Injectsion Attacks Exploiting Unverified User Data.
Here's a great blog post on the US ISV Developer Evangelism Team blog that talks about Best Practices