The following link is highly recommended reading before developing any ASP.NET applications.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch08.asp