Follow-up from previous SQL Injection post.

So first off, thank you to Jim Manico for his comment on my previous post, which led me to create this post. I will include quotes from Jim’s comment for reference here. JM: “I think you are terribly wrong, and it’s important we clear this up.” No worries, I appreciate your candour. Everyone is entitled…


“there is no bigger attack vector than with a parameterized sp” NOT!!

I recently posted an article on our ACE Team blog (you can read it here if you are interested). There were a few comments about the use of Dynamic SQL that made me realise that not everyone “gets it” yet. Here are the comments that started the discussion: Alastair Upton said: Shouldn’t Rule #4 read…


Rules to stop bad guys

I just posted an article to our team blog about simple development rules to stop the bad guys. Head over and have a read. You can find the post on the ACE Team blog. I know it’s a repost, but sometimes it beats re-writing. 😉