This chapter showed the top threats to data access code and highlighted the common vulnerabilities. SQL injection is one of the main threats to be aware of. Unless you use the correct countermeasures discussed in this chapter, an attacker could exploit your data access code to run arbitrary commands in the database. Conventional security measures such as firewalls and SSL provide no defense against SQL injection attacks. As a minimum defense, you should thoroughly validate your input and use parameterized stored procedures.
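The two minimum defenses named above, shown side by side with the concatenated query they replace. This is an added example, not code from the chapter: it assumes an in-memory SQLite database with a constructed `users` table, and because SQLite has no stored procedures, a parameterized query stands in for the parameterized stored procedure call (the binding principle is the same).

```python
import re
import sqlite3

# Constructed sample data; table, columns and values are assumptions.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, ssn TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "111-11-1111"), ("bob", "222-22-2222")])
    return conn

# Allow-list: a login is 1-32 letters, digits or underscores, nothing else.
LOGIN_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_login(value):
    """Input validation: reject anything that is not a plain login name."""
    if not isinstance(value, str) or not LOGIN_RE.fullmatch(value):
        raise ValueError("invalid login")
    return value

def lookup_concatenated(conn, login):
    """Vulnerable 'before': the input becomes part of the SQL text."""
    sql = "SELECT login, ssn FROM users WHERE login = '" + login + "'"
    return conn.execute(sql).fetchall()

def lookup_bound(conn, login):
    """Parameter binding only: the input is always treated as a value."""
    sql = "SELECT login, ssn FROM users WHERE login = ?"
    return conn.execute(sql, (login,)).fetchall()

def lookup_safe(conn, login):
    """Both defenses: validate first, then bind."""
    return lookup_bound(conn, validate_login(login))

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("concatenated:", lookup_concatenated(db, crafted))  # every row leaks
    print("bound:       ", lookup_bound(db, crafted))         # no match
    try:
        lookup_safe(db, crafted)
    except ValueError as exc:
        print("validated:   ", exc)                           # rejected up front
    print("legitimate:  ", lookup_safe(db, "alice"))
```

The crafted value reaches the database over an ordinary application request, which is why the firewall and SSL layers mentioned above never see anything to block.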