Jean-Pierre Paradis's Blog: Cross-site Scripting & SQL Injection quick reference

The Microsoft Security Development Lifecycle web site shows two interesting documents :

Quick Security References: Cross-site Scripting

Quick Security References: SQL Injection

You can download those at www.microsoft.com/downloads