I'd totally forgotten about this, but Microsoft eLearning has made available, "Clinic 2806: Microsoft Security Guidance Training for Developers"

It's a free on-line clinic that lasts about 6 hours aimed squarely at developers. It covers, among other things:

  • Essentials of Application Security
  • Secure Application Development Practices
  • Security Technologies
  • Secure Development Guidelines
  • Defending Against Memory Issues
  • Defending Against Arithmetic Errors
  • Defending Against Cross-Site Scripting
  • Defending Against SQL Injection
  • Defending Against Canonicalization Issues
  • Defending Against Cryptography Weaknesses
  • Defending Against Unicode Issues
  • Defending Against Denial of Service Attacks
  • Secure Development Process
  • Threat Modeling
  • Risk Mitigation
  • Security Best Practices
  • .NET Framework Security Features (Big section!)