The OWASP (Open Web Application Security Project) have a convenient list of the top 10 Web Application vulnerabilities:
http://www.owasp.org/index.php/Top_10_2007
Here is a Microsoft Anti-Cross Site Scripting Library 1.5 tutorial:
http://msdn.microsoft.com/en-us/library/aa973813.aspx
Here's a very informative, although not very well-known security resource, the ASP.NET 2.0 Internet Secure Reference Implementation - basically Patterns & Practices:
http://code.msdn.microsoft.com/ASPNETv2RefImp
Last but not least, here's a video on the Architecture Behind CAT.NET:
http://channel9.msdn.com/posts/Jossie/Architecture-behind-CATNET/
Download the latest build of the CAT.NET tool here (32 and 64 bit):
http://bit.ly/164BlV
