I didn't know where to post this or if it is a re post but I found this to be very interesting.http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

My question is though how would I demonstrate this to my organization? I have brought it to their attention and we to meet to discuss the implications.

Well for the CEH I am about to do it with InfoSec

Humv can you provide us with an update? Thanks

Very informative post Simon.Very informative............

Interesting stuff. Would this work against applications that use stored procedures? So instead of using the parameters passed on the url directly in a dynamic query I would pass it as a variable to a stored procedure.
ex.
create procedure HackProof
 @parm as varchar(10),
 @parm2 as varchar(10)
begin
  select data
    from table
   where field  = @parm
     and field2 = @parm2
end

Thanks for the reply I appreciate it. My experience in IT security has been centered mainly around software development. However I have always been interested in computer security and have read some hacking material such as Hacking Exposed etc. So yeah my experience in IT security is limited.  I have been looking at the Security+ cert and a lot of reviews I have read concur with what your saying. But I would like hands on stuff, I would like to see the stuff I have read about in action thats how I want to be inducted. Hence my leaning towards the CEH cert.

Hi Guys,
I have been an IT professional for the past 5 years now where my focus has been on Software development. I would however like to get into the field of Security. The idea is to complement my programming skills with hands on knowledge of the IT security sector. In doing my research I came across the EC-Council's CEH certification and got interested. I have read several comments that state that the certification is a good starting point to get my feet wet. I have also read that the material covered is outdated and that a lot of the exploits no longer work. I think the negative review was in reference to v4 which has since been through 2 iterations.

So I am at a cross roads and would like some help to make an informed decision. I would like to do the course and am leaning towards a classroom/bootcamp setup.
The question I have is where should I do this course? I have narrowed it down to the InfoSec Institute and the ChicagoCon and have been in contact with the former. Their instructors seem to be the best with names like Jack Koziol, Dan Hestad, Bryce Galbraith, Andres Andreu, Trevor Hawthorn,and Nate Miller being bandied about. I have also been looking at the ChicagoCon and that seems to be very interesting.

So help me make a decision