> In reading about this I didn't see how it could happen, i.e., how this
> could squeak through a JSP-based system even if it did have a SQL backend.
>
> If you have a handy reference it'd be much appreciated. Thanks!

Here's a cool video on the subject from one of Google's security people.

http://www.youtube.com/watch?v=jC6Q1uCnbMo

/Janne
