The Microsoft Security Development Lifecycle team has made three documents available to help you better understand common attacks that might affect your software, webs sites and users.
With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical business problem now while moving you toward SDL adoption in the future.
The three papers are Quick Security References concerning Cross-Site Scripting, Exposure of Sensitive Information and SQL Injection.
You can download each paper individually at the Microsoft Download Center.