Clinic 2806: Microsoft Security Guidance Training for Developers
I'd totally forgotten about this, but Microsoft eLearning has made available, "Clinic 2806: Microsoft Security Guidance Training for Developers"
It's a free on-line clinic that lasts about 6 hours aimed squarely at developers. It covers, among other things:
- Essentials of Application Security
- Secure Application Development Practices
- Security Technologies
- Secure Development Guidelines
- Defending Against Memory Issues
- Defending Against Arithmetic Errors
- Defending Against Cross-Site Scripting
- Defending Against SQL Injection
- Defending Against Canonicalization Issues
- Defending Against Cryptography Weaknesses
- Defending Against Unicode Issues
- Defending Against Denial of Service Attacks
- Secure Development Process
- Threat Modeling
- Risk Mitigation
- Security Best Practices
- .NET Framework Security Features (Big section!)
https://www.microsoftelearning.com/eLearning/offerDetail.aspx?offerId=11479