Saw this in the MSDN flash yesterday, MS has a new Silverlight site up (newest toy and all!) that focuses on security, but the part that intriged me is if you click on the virtual labs, there are some great exercises that walk you through actually hacking sites using various techniques including our favorite - sql injection! Pass this link on to your developers, even in 2008 there are still people who don't know about sql injection.