I recently posted about 500,000 sites having been subjected to SQL injection attacks. For the most part, these were old ASP sites. Frankly, I didn't realize there were that many ASP sites still in existence, let alone badly coded! However, both PHP and ASP.NET sites were attacked also. Let's be clear about this: we are talking about bad coding practices here and not about any specific security flaw per-se.
Comments: