Cybercriminals are increasingly using automated SQL injection attacks powered by botnets to hit vulnerable systems
SQL injections top plenty of lists as the most prevalent means of attacking front-end Web applications and back-end databases to compromise data.
According to recent published reports, analysis of the Web Hacking Incidents Database (WHID) shows SQL injections as the top attack vector, making up 19 percent of all security breaches examined by WHID. Similarly, in the "Breach Report for 2010" (PDF) released by 7Safe earlier this month, a whopping 60 percent of all breach incidents examined involved SQL injections.
See more : http://www.darkreading.com