Recently the Security Development Lifecycle (SDL) team announced the release of a new type of security guidance paper called Quick Security References (QSRs). The first two papers focus on Cross-Site Scripting and SQL Injection. I would strongly recommend reading these interesting QSRs, as well as keeping an eye on the SDL blog.
-Raul Garcia
SDE/T
SQL Server Engine