SDL Quick Security Reference: Cross-site Scripting and SQL Injection Attacks
The SDL Quick Security References will help you better understand and address common attacks that may be affecting your software, Web sites, and users. With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles - business decision maker, architect, developer, and tester/QA. These papers will help you address a critical business problem now while moving you toward SDL adoption in the future.
SDL Quick Security Reference: Cross-site Scripting and SQL Injection Attacks