Application Security and MS
It's no news that several of the best application security minds are working for MS today. This blog is living proof of that.

There is a very good post there about the first line of defense for web applications: input validation. I'm participating in a web app development project that includes a small amount of code auditing. During the project specification, I demanded that, at a minimum, the input validation code be verified during the process. A picture in that post shows exactly why: input validation problems are at the center of several types of vulnerabilities, from SQL injection to buffer overflows.

The post is the first part, according to the author. I hope to see a lot more about the subject there.