Recently the Security Development Lifecycle (SDL) team announced the release of new type of security guidance papers called Quick security references (QSRs). The first two papers focus on Cross-Site scripting and SQL Injection. I would strongly recommend reading these interesting QSRs, as well as keeping an eye on the SDL blog.

 -Raul Garcia
  SQL Server Engine