There are a number of good resources on secure programming from Microsoft describing a secure developmental life cycle and tools. If you are programming with Microsoft tools then it is recommended that you look at their resources, however the resources are not just of interest to the their development environment but are applicable in many cases to others. In just the same way, there other resources that will help if you are developing using the Microsoft tools such as OWASP and (ISC)2.
Microsofts Security Development Lifecycle (SDL)
http://www.microsoft.com/security/sdl/default.aspx
The Microsoft Site gives a lot of information on using a Secure Development lifecycle much of which is transferable to other development environments, the principles behind the Microsoft's SDL and pretty much good solid principles.
Free tools from Microsoft
Some of these tools are more for the Microsoft programming environment than others
Threat Modeling Tool
The SDL Threat Modeling Tool helps engineers analyze the security of their systems to find and address design issues early in the software lifecycle. To help make threat modeling a little easier, Microsoft offers a free SDL Threat Modeling Tool that enables non-security subject matter experts to create and analyze threat models by communicating about the security design of their systems, Analyzing those design for potential security issues using a proven methodology and suggesting and managing mitigations for security issues.
http://blogs.technet.com/b/security/archive/2012/08/23/microsoft-s-free-security-tools-threat-modeling.aspx
Attack Surface Analyzer
Attack Surface Analyzer can help software developers and Independent Software Vendors (ISVs) understand the changes in Windows systems’ attack surface resulting from the installation of the applications they develop. It can also help IT professionals, who are responsible for managing the deployment of applications or the security of desktops and servers, understand how the attack surface of Windows systems change as a result of installing software on the systems they manage.
http://blogs.technet.com/b/security/archive/2012/08/02/microsoft-s-free-security-tools-attack-surface-analyzer.aspx
Anti-Cross Site Scripting Library
The Microsoft Anti-Cross Site Scripting Library V4.2.1 (AntiXSS V4.2.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes.
http://msdn.microsoft.com/en-us/security/aa973814.aspx
banned.h
The banned.h header file is a sanitizing resource that is designed to help developers avoid using and help identify and remove banned functions from code that may lead to vulnerabilities. Banned functions are those calls in code that have been deemed dangerous by making it relatively easy to introduce vulnerabilities into code during development.
http://blogs.technet.com/b/security/archive/2012/08/30/microsoft-s-free-security-tools-banned-h.aspx
