[From Network World
The year 2008 can be viewed as the year of the SQL injection attack, according to IBM's Internet Security Systems "X-Force 2008 Trend Statistics" report issued Monday.
"SQL injection, in particular, took off in 2008," says X-Force researcher Tom Cross, noting that the annual trend report concludes that 55% of all vulnerability disclosures made by vendors affected Web applications, a number that does not include custom-developed Web applications. Of those vulnerability disclosures, SQL injection-related vulnerabilities jumped 134% to replace cross-site scripting as the predominant type of Web application vulnerability last year.
The article continues at