Last week's MSDN Days in Belfast and Dublin featured an excellent presentation on ASP.NET Security by DevelopMentor's Dominick Baier. Dominick demonstrated how a hacker could exploit a simple and preventable vulnerability to exploit an ASP.NET site. He then proceeded to show how to protect your site against some of the top ten vulnerabilities.
Dominick has posted his slides and demo material up on his website. The zip includes the code and data necessary to recrate the attack he demonstrated against the Fred's Computer Store sample site. Amazing stuff.
There's more on security at Dominick's site, and also on the MSDN site under security.