Presentation transcript:

6 http://msdn.microsoft.com/en-us/library/ms995349.aspx

8 http://www.microsoft.com/security/sdl/story/ Life In the Digital Crosshairs

9 http://www.microsoft.com/security/sdl/default.aspx

16
- ‘Local’ context can access WinRT
- ‘Web’ context cannot access WinRT
- More capabilities, greater risk

17 http://www.threatmodelingbook.com/

22 Code fixes performed after release can cost up to 30 times more than fixes performed during the design phase.*
Source: National Institute of Standards and Technology
* Source: Aberdeen Group, Security and Software Development Lifecycle

30 Code Analysis
- /DYNAMICBASE: Address Space Layout Randomization (ASLR)
- /NXCOMPAT: Data Execution Prevention (DEP)
- /GS: Buffer Security Check
- Flag Banned API

47 There are many inputs to store web apps to keep in mind.

50 http://msdn.microsoft.com/en-us/library/ms182032.aspx

53
- Understanding SAL (source code annotation language): http://msdn.microsoft.com/en-us/library/hh916383.aspx
- Analyzing Application Quality by Using Code Analysis Tools: http://msdn.microsoft.com/en-us/library/dd264897.aspx
- Visual Studio 2013 Static Code Analysis in depth: What? When and how?: http://blogs.msdn.com/b/hkamel/archive/2013/10/24/visual-studio-2013-static-code-analysis-in-depth-what-when-and-how.aspx

54
- SDL Portal: http://www.microsoft.com/sdl
- SDL Blog: http://blogs.msdn.com/sdl/
- Simplified Implementation of the Microsoft SDL: http://go.microsoft.com/?linkid=9708425
- Forrester Consulting Report “State of Application Security”: http://go.microsoft.com/?linkid=9758989
- Aberdeen Group Report “Security and the Software Development Lifecycle: Secure at the Source”: http://go.microsoft.com/?linkid=9769560
