How "·$% developers defeat the web vulnerability scanners
ShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
downloaded from here
Time-Based Blind SQL Injection using Heavy Queries