Larry talks about the importance of validating input... I wanted to take this opportunity to highlight some of the things that we mentioned about INPUT VALIDATION in our guide "Improving Web Application Security: Threats and Countermeasures"
  
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp?frame=true

In our guide we talk about the following key vulnerability categories in great detail "input validation, authentication, authorization, configuration management, sensitive data, session management, cryptography, parameter manipulation, exception management and auditing and logging."

We talk about Input Validation at various places...I am just highlighting the key guidelines, read the chapter for detailed drilldown:

Chapter 4 – Design Guidelines for Secure Web Applications (You have been asked to architect/design an app, you should consider the following guidelines)
- Assume all input is malicious.
- Centralize your approach.
- Do not rely on client-side validation.
- Be careful with canonicalization issues.
- Constrain, reject, and sanitize your input.
See LINK for more info: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh04.asp


Chapter 5 – Architecture and Design Review for Security (You have been asked to review an existing architecture/design, you should consider asking the following questions)
- How Do You Validate Input?
    - Do you know your entry points?
    - Do you know your trust boundaries?
    - Do you validate Web page input?
    - Do you validate arguments that are passed to your components or Web services?
    - Do you validate data that is retrieved from a database? 
    - Do you centralize your approach? 
    - Do you rely on client-side validation?
- What Do You Do with the Input?
    - Is your application susceptible to canonicalization issues? 
    - Is your application susceptible to SQL injection attacks?
See LINK for more info : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh05.asp

Chapter 10 – Building Secure ASP.NET Pages and Controls (You have been asked to design/code ASP.NET pages, then you should consider the following guidelines/code-snippets/tips/techniques)
- Constrain, Then Sanitize
- Regular Expressions
- RegularExpressionValidator Control
- Regex Class
- String Fields validation
- Date Fields validation
- Numeric Field validation
- Range checks
- Sanitizing Input
- Validating HTML Controls
- Validating Input Used for Data Access
- Validating Input Used For File I/O
- Common Regular Expressions
- Cross-Site Scripting (Validate input, Encode output)
    - Set the correct character encoding.
    - Use the ASP.NET version 1.1 validateRequest option.
    - Install URLScan on your Web server.
    - Use the HttpOnly cookie option.
    - Use the <frame> security attribute.
    - Use the innerText property.
See LINK for more info : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh010.asp
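
An added example (not code from the guide) of the Chapter 10 items above: constrain string, date and numeric fields on the server with the Regex class and typed parsing, reject anything else, and encode on output. The class and method names, field limits and sample inputs are assumptions, and `WebUtility.HtmlEncode` stands in for the `HttpUtility.HtmlEncode` call an ASP.NET page would use.

```csharp
using System;
using System.Globalization;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical central validator shared by every page (server side only).
public static class InputValidator
{
    // Constrain: allow-list of letters, apostrophe, period, space, hyphen; 1-40 chars.
    // \A and \z anchor the whole string, so a trailing newline is not accepted.
    private static readonly Regex NamePattern =
        new Regex(@"\A[a-zA-Z'. -]{1,40}\z", RegexOptions.CultureInvariant);

    public static bool IsValidName(string input)
    {
        return input != null && NamePattern.IsMatch(input);   // reject everything else
    }

    // Date field: parse one exact format into a strong type, then range-check it.
    public static bool TryParseBirthDate(string input, out DateTime date)
    {
        return DateTime.TryParseExact(input, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                      DateTimeStyles.None, out date)
            && date >= new DateTime(1900, 1, 1) && date <= DateTime.Today;
    }

    // Numeric field: digits only (no sign, no whitespace), then the allowed range.
    public static bool TryParseQuantity(string input, out int quantity)
    {
        return int.TryParse(input, NumberStyles.None, CultureInfo.InvariantCulture, out quantity)
            && quantity >= 1 && quantity <= 100;
    }

    // Encode output: even validated text is HTML-encoded when written to a page.
    public static string ForHtml(string value) { return WebUtility.HtmlEncode(value); }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs, not taken from the guide.
        foreach (string raw in new[] { "Anne O'Neil", "<b>Bob</b>", "Bob\n" })
            Console.WriteLine("{0,-8} {1}", InputValidator.IsValidName(raw), InputValidator.ForHtml(raw));

        DateTime d; int q;
        Console.WriteLine(InputValidator.TryParseBirthDate("1985-02-30", out d)); // not a real date
        Console.WriteLine(InputValidator.TryParseQuantity("101", out q));         // out of range
    }
}
```

The valid name still contains an apostrophe, which is why the encode step is applied to accepted input as well as rejected input.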

And the list goes on for each technology (Serviced Component, Web Services, Remoting, Data Access, SQL Server)...see individual chapters and the section INPUT VALIDATION.

It doesn't end here, you should also read Chapter 21: Code Review...it will give you a list of things that will educate you WHAT TO LOOK FOR.

Once you have mastered all the INPUT strategies, you can just use our checklist... so you don't have to carry the entire book/huge-stack-of-printouts for your reference... you can get to the index of checklists at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/CL_Index_Of.asp

Hope this helps!