If you're worried about SQL injection in your applications there are several steps you can take.
Firstly, you should periodically scan your app. Both Burp Suite[1] and Netsparker[2] have free versions of their excellent tools. Burp Suite Pro comes with a very capable scanner and is about $250 (£175). Netsparker Community Edition is a fairly good automated scanner, but it doesn't cover all forms of SQL injection and the full version is quite expensive.
Running WordPress? Head to Sucuri[3] and get your WordPress scanned. If you haven't upgraded already, now's the time.
Once you've done that, things vary according to your language and platform. Generally OWASP[4] is the font of (almost) all knowledge. You can test the app but if you wrote it you're probably more familiar with the code, so looking at how you handle user-supplied input and applying consistent changes where needed is probably your best bet. If you get really stuck, there are plenty of security geeks on HN, or alternatively you can drop me an email (address in my profile) and I'll see if I can answer your question. Alternatively if you're in London, come to DC4420[5] next month, there's going to be about 200-300 security geeks there, many of whom would be happy to help with specific questions in exchange for a beer. I'll be one of them.
[1] - http://www.portswigger.net/
[2] - http://www.mavitunasecurity.com/
[3] - http://www.sucuri.net/
[4] - http://www.owasp.org/index.php/SQL_Injection_Prevention_Chea...
[5] - http://www.dc4420.org/
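The comment above says the real fix is to look at how the code handles user-supplied input and to apply consistent changes. Below is an added example (not from the comment's author or any of the linked tools) showing the two halves of that job in Python against an in-memory SQLite database: a login query built by string formatting next to the same query using bound parameters, plus a small grep-style helper that flags `execute(...)` calls whose SQL is assembled with `%`, `+`, `.format(` or an f-string, so the same change can be applied consistently across a code base. The `users` table, the `alice' --` payload and the source snippet it scans are all constructed for the demo; the regex is a heuristic for Python DB-API code, not a complete static analyser.

```python
import re
import sqlite3


def make_db():
    """Constructed sample schema and rows; assumption for the demo only."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: the user input becomes part of the SQL syntax itself.
    username = "alice' --" turns the rest of the WHERE clause into a comment."""
    sql = (
        "SELECT id FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened: the SQL text is fixed; values are bound by the driver and
    can never be interpreted as SQL keywords, quotes or comments."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Heuristic pattern for the code review step: an execute()/executemany()
# call whose first argument is an f-string, or a string literal immediately
# followed by %, + or .format( (i.e. SQL assembled from pieces).
_SQL_STRING = r"""(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')"""
STRING_BUILT_SQL = re.compile(
    r"""execute\w*\(\s*(?:f["']|""" + _SQL_STRING + r"""\s*(?:%|\+|\.format\())"""
)


def find_string_built_sql(source):
    """Return 1-based line numbers of execute() calls that build SQL from strings."""
    return [
        lineno
        for lineno, line in enumerate(source.splitlines(), start=1)
        if STRING_BUILT_SQL.search(line)
    ]


# Constructed source snippet for the scanner; lines 2-4 should be flagged,
# line 5 (bound parameter) should not.
SAMPLE_SOURCE = '''\
def lookup(cur, uid, name):
    cur.execute("SELECT * FROM users WHERE id = %s" % uid)
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cur.execute("SELECT * FROM users WHERE id = ?", (uid,))
'''


if __name__ == "__main__":
    conn = make_db()
    payload = "alice' --"  # classic comment-out-the-password injection
    print("vulnerable, injected   :", login_vulnerable(conn, payload, "wrong"))
    print("parameterized, injected:", login_parameterized(conn, payload, "wrong"))
    print("parameterized, real    :", login_parameterized(conn, "alice", "s3cret"))
    print("suspicious lines       :", find_string_built_sql(SAMPLE_SOURCE))
```

Run as-is: the injected username logs in through the string-built query but not through the parameterized one, and the scanner reports lines 2, 3 and 4 of the sample source. Treat every hit as a place to switch to the driver's placeholder syntax (`?` in sqlite3, `%s` in psycopg2, `:name` in oracledb), and remember that the placeholder only protects values; table and column names still need an allow-list.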