From the msdn developer security center website... The Microsoft Security Development Lifecycle (SDL) is the industry-leading software security assurance process. A Microsoft-wide initiative and a mandatory policy since 2004, SDL has played a critical...

  The following security-related tools are required or recommended for use as part of the SDL. For details on how these tools fit into the SDL, please refer to the SDL process guidance section of this Web site. The tools are available for free download...

Microsoft ASP.net site http://www.asp.net/learn/ . Joe Stagner is going to start promoting some security videos here. You'll also hear more about it on www.securedeveloper.com . In the meantime check out all the free tutorials you can find here on How...

  This morning I had a chance to listen to Scott Charney, VP of Microsoft Trustworthy Computing, at the All Hands meeting. Scott brought up a good point this morning about the need to reach out to the industry. One of the issues consumers have with...

Wireless Hackers Suspected In TJ Maxx Breach

Application Development trends published a study from Cenzic , that shows that 70% of web applications analyzed where susceptible to cross site scripting  exploitations with 20% of the web applications studied were vulnerable to SQL injection type...

Cool article on msdn online that talks about top security tips every developer must know. Defend Your Code with Top Ten Security Tips Every Developer Must Know Summary There are many ways to get into trouble when it comes to security. You can trust all...

Kim Sanchez who manages our Consumer Marketing initiative here in Microsoft Trustworthy Computing had this to share. If you've got creative campaigns out there to drive meaningful change in privacy, Internet safety, and security issues, please submit...

Is this confusing to you? Do you confuse this with the Software Development Life Cycle (SDLC) ? Should Microsoft change this to something more easier to understand or remember, such as Secure SDLC? or Secure Software Development Lifecycle (SSDL)?

Most developers who use Microsoft developer tools and technologies will tell you that if you're looking for developer resources, just go to msdn online. Well not everyone uses Microsoft developer tools and technologies. This is where the Open Web Application...

Everyone who is interested in learning about security needs to stay focused on this blog when it launches. This is Joe's new security blog that he's going to manage from Scott Guthrie's team. It's going to be good. This is sort of like getting the advanced...

This is an older on demand webcast series, but I'm considering resurrecting this next year.   Digital Blackbelt Series

JD Meier has been busy. Visit his blog site for the updates on 6 new patterns & practices WCF Security How To's .

  J.D. Mier is a principal program manager who manages our patterns and practices content. He's updated the WCP application security scenarios on their CodePlex site . Be sure to check it out.

As part of its commitment to a more secure and trustworthy computing ecosystem, Microsoft is making the details of the SDL process generally available online for the first time. IT policy makers and software development organizations can leverage this...

I'm trying to develop a framework for security related content, and one of the issues I'm trying to address is how folks go about searching for security content. Yes, I know you pull up your browser, and do a Google search on SDL, threat modeling, STRIPE...

An Overview of Security in the .NET Framework , by Dr. Demien Watkins, Sebastian Lange, Microsoft Corporation "The fundamental features in the Microsoft .NET Framework security system are profiled, including the ability to confine code to run in...

For those of you who know Joe Stagner and his days hosting live events, live TechNet Webcasts, and presenting at TechEd sessions, enough said. Just check out his blogs below. Joe is going to start a series of how do I developer security videos on Microsoft...