security

Storing Passwords

I recently had a discussion about web app security, and we were talking about the not-so-distant past when SQL injection was the scariest thing since polio. 90% of these attacks didn't try to return everyone's credit card information from a database (people knew pretty early to be careful when storing this stuff); they were attempts to simply return a username and password.
