http://msmvps.com/blogs/bradley/archive/2008/05/31/sql-injection-information-from-harry-s-blog.aspxWhile the default apps on a SBS 2003 (and upcoming SBS 2008) go through a SDL process so that I&#39;m not concerned about SQL injection possibilities on my SBS box (nor do I have SharePoint exposed anyway) when you have third party and home grown appsenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/bradley/archive/2008/05/31/sql-injection-information-from-harry-s-blog.aspx#1630377Mon, 02 Jun 2008 17:41:05 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1630377Nico<p>A lot of the Microsoft best practices really are sound. &nbsp;But if you want to go ahead and use a brute force tool to see if your system is easily hack-able, I hear good things about sqlninja. &nbsp;In the end, though, it usually boils down to not concatenating SQL statements and also proper escaping of input fields.</p> <p>**************</p> <p>Nico del Castillo</p> <p>Microsoft Security Outreach Team</p> <p>www.microsoft.com/hellosecureworld7</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1630377" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2008/05/31/sql-injection-information-from-harry-s-blog.aspx#1630059Mon, 02 Jun 2008 00:59:42 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1630059Jason Haley<img src="http://msmvps.com/aggbug.aspx?PostID=1630059" width="1" height="1">http://msmvps.com/blogs/bradley/archive/2008/05/31/sql-injection-information-from-harry-s-blog.aspx#1629761Sat, 31 May 2008 23:30:09 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1629761harry brelsford<p>what...whats this....another harry?</p> <p>:)</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1629761" width="1" height="1">