Writing More Secure IIS Applications
This section describes programming tasks that can be used to improve the security of an IIS application, such as validating user input and constructing database query strings that protect against script injection.
The information in this section comes from the book titled Writing Secure Code (ISBN 0-7356-1722-8). Writing Secure Code includes detailed information that can help developers create applications that protect against buffer overruns, canonical representation issues, denial of service attacks, identity impersonation, data tampering, and elevation of privilege.
There is also an extensive chapter about threat modeling, which can be used to identify weak areas of an existing application. Excerpts from the Web-related chapters are available at Microsoft Press Online.