The Security Development Lifecycle (SDL) team recently released details of the SDL process at microsoft.com/sdl.

What you won't find in the publicly available SDL documentation is guidance specific to securing Web applications or online services.

In the September 2008 issue of MSDN Magazine, Bryan Sullivan explains why it's just as important to threat model your Web Forms applications as it is your Windows Forms applications, and shares the newest Web-specific SDL requirements for the first time.

You can also check out previous Security Briefs columns and other security topics covered in MSDN Magazine in our online archives.