Building Secure Software: How to Avoid Security Problems the Right Way , by John Viega and Gary McGraw. Addison-Wesley Professional, 2001.
"SQL Injection: Are Your Web Applications Vulnerable?" SPI Dynamics. (http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf )
"Blind SQL Injection: Are Your Web Applications Vulnerable?" SPI Dynamics. (http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf )
"Advanced SQL Injection In SQL Server Applications." NGSS. (http://www.nextgenss.com/papers/advanced_sql_injection.pdf )
"(more) Advanced SQL Injection." NGSS. (http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf )
"Blindfolded SQL Injection." WebCohort. (http://www.webcohort.com/Blindfolded_SQL_Injection.pdf )