a) secure design principles;
b) secure implementation principles;
c) secure verification principles;
d) SQL injection;
e) cross-site scripting;
f) code analysis;
g)banned application programming interfaces (APIs);
h) buffer overflows;
i) source code annotation language;
j) security code review;
k) compiler defenses;
l) fuzz testing;
m) Microsoft SDL threat modeling principles; and
n) the Microsoft SDL threat modeling tool.
Each set of guidance contains Microsoft Office PowerPoint slides, speaker notes, train-the-trainer audio files, and sample comprehension questions. All materials have limited formatting so that you can leverage the content to achieve broader, enhanced adoption of Microsoft SDL principles in your development organization.