Chip Andrews points to this article called
Ten hacker tricks to exploit SQL Server systems by Kevin Beaver. In my opinion, this article is good for many reasons, but I will list my two primary reasons: 1) it shows you some of the common ways hackers can get into your SQL Server database beyond simple things like port 1434 being exposed and SQL Injection problems, and 2) it shows you some of the tools in use today that you, as a developer, can use to test your own systems for potential problems. In the security space, both developers and DBAs need to be aware of all these issues in order to properly defend "their database turf".