If you have not heard there is an updated MS SDL Starter Kit available for download. This kit provides a compilation of baseline developer security training materials on core Microsoft Security Development Lifecycle (SDL) topics.
The core Microsoft Security Development Lifecycle (SDL) topics include:
- Secure design principles
- Secure implementation principles
- Secure verification principles
- SQL injection
- Cross-site scripting
- Code analysis
- Banned application programming interfaces (APIs)
- Buffer overflows
- iSource code annotation language
- Security code reviews
- Compiler defenses
- Fuzz testing
- Microsoft SDL threat modeling principles
- The Microsoft SDL threat modeling tool
Each set of guidance contains Microsoft Office PowerPoint slides, speaker notes, train-the-trainer audio files, and sample comprehension questions. All materials have limited formatting so that you can leverage the content to achieve broader, enhanced adoption of Microsoft SDL principles in your development organization.