Currently I work on building large-scale web services that face the public as part of what Microsoft calls software plus services (Software+Services).  In this area of Internet-facing applications all aspects of security are important, including intelligent attack mitigation at the software level.  Possible threats and vulnerabilities are identified through an iterative process called threat modeling during the design phase of the development lifecycle.  Here are some links that can help you build more secure web applications through the process of threat modeling.

Threat Modeling Web Applications - MSDN Patterns & Practices

Threat Modeling at the MSDN Security Development Center

Microsoft Application Threat Modeling Blog

Microsoft Application Consulting & Engineering Team Blog

Threat Modeling Articles at The Security Development Lifecycle Blog (MSDN)

Threat Modeling from Microsoft Press

Writing Secure Code, Second Edition from Microsoft Press