Unit tests are especially good at preventing regressions, e.g. Adam Customer uses the calculator utility inside your application; the unit test is unable to launch the calculator, therefore the build is broken and shall not be delivered to Adam Customer.

SQL syntax.

So imagine your website has such (very naïve) server logic:

sql_stmt = "SELECT UserID, Username FROM Users WHERE Username = '"
                + form.fields["username"]
                + "' AND Password = '"
                + hash_password(form.fields["password"])
                + "';";
execute_sql(database, sql_query)

If you put '; DROP TABLE Users; -- as a username in the form, then the statement gets compiled as the following:

SELECT UserID, Username FROM Users
WHERE Username = ''; DROP TABLE Users; -- ' AND Password = '###########…';

Since -- marks the beginning of a comment line, it effectively neuters the statement and makes it drop (delete) the Users table.

Some people would gain admin privilege by adding stuff like UPDATE TABLE Users SET IsAdmin = 1 WHERE Username = 'wakkablam'; thus promoting user Wakkablam to administrator status or so.

Some poking around might be necessary to guess the structure of tables or such.

Is the bear still with you? Do you need assistance?