The SQL injection attack (CERT, 2002) is one of the most prevalent security problems faced by today’s security professionals. It is today the most common technique for indirectly attacking Web-powered databases and effectively dismantling the secrecy, integrity and availability of Web portals. The basic idea behind this insidious and pervasive attack is that predefined logical expressions within a predefined query can be altered simply by injecting operations that always result in true or false statements. With this simple technique, the attacker can run arbitrary SQL queries and thus extract sensitive customer and order information from e-commerce applications, or bypass strong security mechanisms and compromise the back-end databases and the file system of the data server. Despite these threats, a surprisingly high number of systems on the Internet are totally vulnerable to this attack.
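The altered logical expression described above, shown as an added example that is not part of the original text: the same order lookup built by string concatenation and by a bound parameter, run against an always-true and an always-false input. It uses Python's standard `sqlite3` module; the `orders` table, the function names and all sample values are constructed assumptions.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)"
    )
    conn.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "phone"), ("carol", "camera")],
    )
    return conn

def orders_concat(conn, customer):
    """Vulnerable: input is spliced into the SQL text and can rewrite the WHERE clause."""
    sql = ("SELECT customer, item FROM orders WHERE customer = '"
           + customer + "' ORDER BY id")
    return conn.execute(sql).fetchall()

def orders_param(conn, customer):
    """Hardened: the placeholder binds input as one string value, never as SQL syntax."""
    sql = "SELECT customer, item FROM orders WHERE customer = ? ORDER BY id"
    return conn.execute(sql, (customer,)).fetchall()

# Constructed inputs that append an always-true and an always-false expression.
ALWAYS_TRUE = "nobody' OR '1'='1"
ALWAYS_FALSE = "alice' AND '1'='2"

if __name__ == "__main__":
    db = make_db()
    cases = [("normal", "alice"),
             ("always true", ALWAYS_TRUE),
             ("always false", ALWAYS_FALSE)]
    for label, value in cases:
        print(label)
        print("  concatenated: ", orders_concat(db, value))
        print("  parameterized:", orders_param(db, value))
```

In the concatenated query the always-true input returns every customer's orders and the always-false input hides a row that exists, while the parameterized query compares the whole input against the `customer` column and matches nothing.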