Best of Application Security (Friday, Apr. 9)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.=

• Microsoft SDL version 5
• Force.com Secure Cloud Development
• Stroke triggered XSS and StrokeJacking
• German Government Pays Hacker For Stolen Bank Account Data
• CAPEC-333: WASC Threat Classification 2.0
• WAF Confusion Continues
• Serious New Java Flaw Affects All Current Versions of Windows + Advisory
• Safari Integer Overflow Aids Inter Protocol Exploitation
• OWASP AIR + Flash Security Projects
• Prion 1.1 - Polymorphic XSS Worm