Security Guidance Training for Developers

Over the last few weeks a bunch of security Microsofties have been talking to customers about some of the lessons we have learned, best practices and so on. We have now made that training available through an eLearning center. There are three courses available free of charge:

  • Clinic 2801: Microsoft Security Guidance Training I

  • Clinic 2802: Microsoft Security Guidance Training II

  • Clinic 2806: Microsoft Security Guidance Training for Developers

This is professionally put together and it's all free stuff folks! I haven't had time to look at the IT sessoins (2801 & 2802) but the developer stuff is based in part on the training we deliver internally to new engineers.


Comments (9)
  1. Dana Epp's ramblings at the Sanctuary says:

    I noticed Michael mention some new e-learning clinics on security that Microsoft is hosting. I was kinda interested in the developer focused one which is Clinic 2806: Microsoft Security Guidance Training for Developers. The layout of the course is pretty good. A quick review of the modules in the course may be in order: Clinic Introduction Essentials of Application Security Welcome to Essentials of Application Security The Importance of Application Security Secure Application Development Practices Security Technologies Secure Development Guidelines Summary Writing Secure Code – Best Practices Welcome to Writing Secure Code – Best Practices Secure Development Process Threat Modeling Risk Mitigation Security Best Practices Summary Writing Secure Code – Threat Defense Welcome to Writing Secure Code – Threat Defense The Need for Secure Code Defending Against Memory Issues Defending Against Arithmetic Errors Defending Against Cross-Site Scripting Defending Against SQL Injection Defending Against Canonicalization Issues Defending Against Cryptography Weaknesses Defending Against Unicode Issues Defending Against Denial of Service Summary Implementing Application Security Using the Microsoft .NET Framework Welcome to Implementing Application Security Using the Microsoft .NET Framework .NET Framework Security Features Code-Access Security Role-Based Security Cryptography Securing ASP.NET Web Applications Securing ASP.NET Web Services Summary Clinic Summary Clinic Evaluation As you can see this is a well rounded course, well suited to educate the principles of secure programming to many a developer. Almost all of this is covered off in Microsoft’s security webcasts, but this structured format might make for more focused instruction for those who don’t grasp the concepts that easily. Well done Microsoft. Education is key when it comes to security, and I like to see offerings like this… especially when its free. Whats this mean to you? It means you should probably go take the course if you are even considering touching code! Knowledge is power and all that. Never say no to free education. And even if you know these concepts… its nice to see how others are presenting the topic… allowing you to learn from the experience and pass it along to your teams. Enjoy!…

  2. As one of the folks who’s spent the last several weeks presenting two of the modules in 2806 (Essentials of Application Security and Writing Secure Code – Best Practices), I’m pleased to say that the session materials have been very well received. Having the sessions (plus the two other MSDN sessions) available online has been a nice bonus for our attendees, as well.


Comments are closed.

Skip to main content