I've talked about threat modeling being one part of the overall information security puzzle... there are other controls and tools you need to make the process run smoothly. Our team recently released another of these tools called XSSDetect which helps detect Cross-Site Scripting (XSS) problems in .NET code; one of the most common problems in code. XSSDetect is actually a smaller piece of another tool... More information including link to download available here.

-Talhah