ASP.NET developers should be aware of the ASP.NET canonicalization vulnerability. More information here: http://www.microsoft.com/security/incident/aspnet.mspx

BGold shares some good info here: http://blogs.msdn.com/bgold/archive/2004/10/05/238449.aspx