I’ve read several programming books this year and not one of them has bothered to include a chapter on security, including “The ASP.NET 2.0 Anthology”. I’ve also noticed that the programmer elite has nothing to say about security; no blog posts or mention of it when complaining about the shoddy work in the profession. Now there is news of a massive SQL Injection attack and nobody is trying to educate developers about how to deal with it. Unfortunately I have inherited a classic ASP web application that is probably extremely vulnerable so I’ll have to study stored procedures today.