We did a focused set of security videos with Keith Brown a while back. The problem is they're not very findable (most customers I talk to aren't aware of them). I added them to soapbox and listed them below to see if it helps (note soapbox may prompt you to log in):
Input and Data Validation Videos
- Paths, URLs, and Canonicalization - shows you how to avoid input and data validation security issues related to path validation.
- Cookies and Tamper Detection - shows you how to protect from cookie tampering issues.
- Cross Site Scripting - shows you how to protect from cross-site scripting issues.
- Regular Expressions - shows you how to use regular expressions to validate input and data.
- SQL Injection - shows you how to protect from SQL injection.
- ASP.NET Validation Controls - shows you how to use validation controls for input validation.
They're designed to help you get key concepts behind some of our security guidance. I also wanted to use somebody that was recognized in the field as somebody you could trust. Keith's proven himself for a long time in the security community. He also has the aura of an experienced trainer, which I think comes across in these videos.