Resources

Security Learning Opportunity (SLO) – SLO provides a framework for creating continuous learning within application teams. It creates an opportunity for ongoing training that can be performed in under 30 minutes, and it uses real-world, business-relevant events.

Podcasts

  • Down the Security Rabbithole (#DtSR) – James Jardine, Rafal Los and Michael Santarcangelo discuss current news topics and perform enterprise security interviews.
  • DevelopSec – James Jardine discusses security topics as they relate to developers, QA analysts and other non-security team members.

Blogs

  • Developer Notes – James Jardine blogs about developer (mostly .Net) security topics.
  • DevelopSec – Blog about developing security within non-security groups (developers, QA, business, network, general public).

Presentations

In the News

Interviews

Videos

Webcasts

Security Documents

  • CSRF Workflow – Workflow describing ASP.Net Webform Cross Site Request Forgery (CSRF) testing.
  • HTML Encoding in .Net – Document describing the different .Net methods to HTMLEncode output.

Tools

  • FXCop – Analysis tool for managed code assemblies.
  • CAT.NET – Code analysis tool for managed assemblies used to identify common attack vectors.
  • StyleCop – Code analysis tool for managed assemblies used to identify style and consistency rules.
  • Microsoft SDL Regex Fuzzer – Free tool to check regular expressions for vulnerability to regular expression denial of service (ReDoS). Read more at OWASP.
  • Microsoft Secure Development Lifecycle Site – This is Microsoft's main SDL web page. It contains important links to the SDL document as well as tools and other resources.
  • Web Protection Library – This library is for .Net developers and contains the Anti-XSS library to protect against cross site scripting (XSS).
  • Agnitio – This is a tool to help developers and security professionals conduct manual security code reviews.
  • Web.Config Security Analyzer (WCSA) – This tool helps identify security configurations in the web.config file.
  • AntiSQLi – This library helps developers write secure SQL query code by providing a simple interface.