I am not scared of sql injection!
How can I do it, if my encapsulation is severe levels deep?
My UI is having a Data Transfer Object that is serialized, passed to webservice, passed to a validation program and then passed to data access program. Here I am not having any parameters and using direct insert statementes. How can you inject me?