Many times we miss security testing, or we do it at the last minute. Because of this, we don't have enough time to fix the issues, or we may put the application into production with security risks. What do we need to do?
Step 1: Plan security testing as part of the testing effort.
Step 2: Educate developers about security risks in the application.
Step 3: Do security testing early and fix issues as early as possible.
Some links for reference:
Open Web Application Security Project (OWASP) – http://www.owasp.org
An introduction to SQL injection: http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf
SQL Injection: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
SQL Injection by example: http://unixwiz.net/techtips/sql-injection.html