14 Secure Coding Tips: Learn from the Experts at @Build
Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'âit's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects, keeping your code safe is just as important as getting it out the door.
At Microsoft Build 2025, weâre bringing together some of the most influential security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code â faster.
Here are 14 quick secure coding tips that will make you a better, more security-savvy developer â and the security sessions @Build where you can learn more from the experts:
đŻ 1. Secure AI from the start
Discover how to deliver intelligent apps without sacrificing security. This session covers how to protect against threats across code, secrets, dependencies, and even LLMs. Learn how to use Threat Modeling early in the product lifecycle to identify, assess and address security risks. Youâll learn about developer-focused security tools to deploy with confidence without context switching.
Learn more:
Session: âShift Left: Secure Your Code and AI from the Startâ
With Mark Russinovich, CTO, Deputy CISO and Technical Fellow, Microsoft Azure; Marcelo Oliveira, VP, Product Management, GitHub; Neil Coles, Principal Security Engineer
đ§Ș 2. Use the Wisdom from the Past
Michael Howard - author of the original secure coding book back in 2003 and now a senior director in the Microsoft Red Team - reflects on 25 years of secure code, how the practice has developed and current challenges in secure development. Get ready for an end-to-end secure coding journey from Bill Gates anecdotes and tips for how you in 2025 can code securely to meet today's security threats.
Learn more:
Session: âReflections on 25 years of writing secure codeâ
With Michael Howard, Senior Director, Red Team
đ3. Lock down the data
Microsoft is releasing a set of Purview APIs (+SDK) that will allow partners and customers to integrate their custom AI apps with the Microsoft Purview ecosystem for enterprise grade Data Security and Compliance outcomes. Join this demo session to get the latest.
Learn more:
Session: âBuild secure and compliant AI applications with Microsoft Purviewâ
With Arpitha Dhanapathi, Principal Product Manager
đ4. Think about security from start to finish
Security can be challenging at the best of times, especially when itâs not your full-time job. In this session, we walk you through the end-to-end deployment of a secure AI application, all the way from identities, VNETS, NSGs, key vault through to prompt shields and data labelling. If youâve ever felt overwhelmed by trying to do the right thing by security but didnât know where to start, this session is for you!
Learn more:
Session: âDeploying an end-to-end secure AI applicationâ
With Sarah Young, Principal Security Advocate & Pamela Fox, Principal Cloud Advocate
đ€ 5. Play dev-ils advocate
To keep pace with evolving AI risks, organizations need tools to effectively test their AI systems, simulate adversarial attacks, and uncover weaknesses before bad actors can exploit them. Learn how the AI Red Teaming Agent in Azure AI Foundry can help your organization run automated scans for safety risks so you can leverage Microsoft's deep expertise to scale and accelerate your AI development with Trustworthy AI at the forefront.
Learn more:
Session: âAccelerate AI red teaming for your GenAI apps with Azure AI Foundryâ
With Minsoo Thigpen, Senior Product Manager & Nagkumar Arkalgud, Senior Software Engineer
đ„·6. Skill up on agents
Agentsâtheyâre all anyone is talking about. Join this demo session to learn how to extend security copilot to facilitate security and IT workflows across your environment. In this demo you will see how to build an agent with supporting components - plugins and KQL queries - and architect it with triggers to automatically run.
Learn more:
Session: âBuilding Agents with Security Copilotâ
With Vinod Jagannathan, Principal Product Manager
đ7. Get the inside scoop first
One of the pillars of SFI is securing the engineering system. We will explore changes made to Azure DevOps to enable enhanced engineering system security at Microsoft and how customers can use them to better secure their own engineering systems as well.
Learn more:
Session: âLearn How Microsoft secured the Engineering Systemâ
With Karl Piteira, Principal Group Program Manager & Rajesh Ramamurthy, Senior Director, Principal Group Product Management
đ©8. Automate what you can
You donât have to wait to identify risks. The Python Risk Identification Tool for generative AI (PyRIT) is an open source framework built to empower security professionals and engineers to proactively identify risks in generative AI systems. In this hands-on lab, you will learn how to deploy PyRIT and test it against a variety of AI applications.
Learn more:
Session: âAI security testing with PyRITâ
With Roman Lutz, Responsible AI Engineer & Richard Lundeen, Principal Software Engineering Lead - AI Red Team
âïž 9. Secure APIs
Join us for an engaging and informative session where we delve into the intricacies of API security in the context of AI. We'll examine the unique challenges posed by AI-driven applications and the sophisticated threats that target their APIs. From unauthorized access and data breaches to injection attacks and exploitation of vulnerabilities, the risks are manifold. However, with the right approach, these risks can be effectively mitigated.
Learn more:
Session: âFortifying AI Frontiers - Securing APIs the path to your AI appâ
With Abhi Singh, Director, Global Black Belt - SecurityâŻ& Preetham Anand Naik, Senior Product Manager
đ 10. Verify explicitly, and automatically
We all know the saying, but weâve got to put it into practice. Join this session to learn how to enable automated processes to securely onboard and grant resource access for high-privilege users with the Microsoft Entra Suite and MS Graph. Verify the identities of admins, C-level employees, or others who need access to sensitive internet or on-premises resources, and automatically reverify them at regular intervals. Work with a chosen identity verification partner for government ID-based verification that ensures your organization onboards and grants access to the right person.
Learn more:
Session: âSecure onboarding and access with the Microsoft Entra Suiteâ
With Sri Ponnada, Senior Product Manager
â
11. Apply best practices
Join us for an insightful session on best practices and enablement topics for developing and deploying secure solutions within Business Applications, as part of the Secure Future Initiative (SFI). We will look holistically at Power Platform features for Security under SFI pillars and explore Responsible AI with Purview and Copilot. We will further explore demos, design review checklists on product features under Secure by Design, Secure by Default, and Secure Operations for BizApps Solutions.
Learn more:
Session: âBuilding Secure Business Apps: Best Practices for Design to Deploymentâ
With Muhammad Aurangzeb, Senior Partner Solution Architect
đ¶ïž 12. Use agents for Zero Trust
In this session, you will learn how to build AI Agents using the OpenAI SDK with Assistants and Function Calling for APIs secured by Microsoft Entra ID. This ensures adherence to Zero Trust principles. We will cover the essential steps to set up and configure the OpenAI SDK in a C# environment and demonstrate how to leverage Microsoft Entra ID for secure authentication and authorization.
Learn more:
Session: âBuilding Secure AI Agents with Microsoft Entra IDâ
With Fabian Alves, Senior Product Manager
đ¶âđ«ïž 13. Secure your apps, secure your people
Learn how to enable automated processes to securely onboard and grant resource access for high-privilege users with the Microsoft Entra Suite and MS Graph. Verify the identities of admins, C-level employees, or others who need access to sensitive internet or on-premises resources, and automatically reverify them at regular intervals. Work with a chosen identity verification partner for government ID-based verification that ensures your organization onboards and grants access to the right person.
Learn more:
Session: âSecuring Applications with Microsoft Entra IDâ
With Robert Stewart, Senior Specialist
đČ 14. Keep it user-friendly for the best results
In the rapidly evolving landscape of mobile application development, achieving pixel-perfect design and robust security is paramount. This lab focuses on the creation of mobile applications integrated via Native Authentication in Microsoft Entra External ID. Participants will explore the intricacies of designing visually precise user interfaces that align seamlessly with their brand while implementing native authentication methods, ensuring secure and efficient user verification processes.
Learn more:
Session: âCreating pixel-perfect mobile apps with Native Authenticationâ
With Joylynn Kirui, Senior Cloud Security Advocate
đŹ Come Learn from the People Building the Future
Join these sessions and more at Microsoft Build 2025. Whether you're a junior dev or a senior architect, you'll walk away with real-world tactics to help you build apps that are secure, scalable, and resilient â by design.
đ Register for Microsoft Build Security Sessions Now »
.jpg?width=350&height=&ar=16:9&mode=crop&format=avif&dpr=2)
