Saw this in the MSDN flash yesterday, MS has a new Silverlight site up (newest toy and all!) that focuses on security, but the part that intriged me is if you click on the virtual labs, there are some great exercises that walk you through actually hacking sites using various techniques including our favorite - sql injection! Pass this link on to your developers, even in 2008 there are still people who don't know about sql injection.
I'm Andy Warren, currently a SQL Server trainer with End to End Training. Over the past few years I've been a developer, DBA, and IT Director. I was one of the original founders of SQLServerCentral.com and helped grow that community from zero to about 300k members before deciding to move on to other ventures.