Free Online Self-Paced Course: "Microsoft Security Guidance Training for Developers"

As a lot of developers still need to learn about application security, I'm very delighted to see that Microsoft Learning still makes available 2 clinics (each takes approx. 6 hours to complete) with Microsoft Security Guidance Training for Developers at no cost. If you're a responsible developer, you should make sure you and your colleagues know the basics around application security. So please forward these 2 links to all people that you think might benefit from this free offer.

Clinic 2806: Microsoft Security Guidance Training for Developers (part 1)

This online clinic provides students with knowledge and skills essential for the creation of applications with enhanced security. Students will learn about the need for implementing security at every stage of the development process and best practices for applying security principles. Students will also learn how to use established threat modeling methodologies and tools with other best practices to minimize vulnerabilities and limit damage from attacks. Finally, students will learn how to implement security features to enhance security for Web applications and Web services that are built by using Microsoft ASP.NET.

Clinic 2807: Microsoft® Security Guidance Training for Developers (part 2)

This clinic discusses best practices for building security into the design, development, testing, and deployment phases of the software development life cycle. It is targeted towards individuals with at least one to two years of programming experience. The course will provide developers with the skills and knowledge to design and develop more secure Microsoft solutions.

Alternatively, you can also read the following Microsoft Press books on general application security topics:

Writing Secure Code, Second Edition

This book is a classic. Contrary to what one might think, this book is not boring at all. I remember having read it completely (approx. 800 pages) in about a week, which is very fast for me. Really recommended reading! As indicated on the book: "Discover the best practices for writing secure code and stopping malicious hackers in their tracks - direct from the top security experts at Microsoft!"

Writing Secure Code for Windows Vista

This book complements "Writing Secure Code, Second Edition" and adds specific topics around application security and Windows Vista. Topics include developing applications to run without administrator privileges, best practices for integrity controls, authentication, authorization and cryptographic enhancements.

Security Development Lifecycle

It's important to think about security from beginning to end when analyzing and developing an application. That's why a Security Development Lifecycle should be incorporated in the Application Lifecycle. Michael Howard and Steve Lipner from the Microsoft Security Engineering Team share their knowledge and best practices around SDL with their readers. (Some Belgians might remember the VISUG session on this topic from several months ago. The feedback was quite positive.) You might also be interested in reading the Security Development Lifecycle MSDN Blog.

I know that I keep repeating the same message time after time. But that's only because it is still necessary to have people learn about application security. Too many applications and web sites are still vulnerable to the easiest, simplest and most common security attacks. That's why every IT manager, every development team lead, yes, even every developer should make sure that their development team knows about application security and how to avoid security breaches and pitfalls.
