.NET makes it incredibly simple to build a site, and for new programmers it can sometimes provide an unwarranted warm feeling that they are coding to an enterprise standard just by implementing certain aspects of the Enterprise Library or properly tiering their application.
However, all is not well in the web world, as most of us well know: many, many sites are exposed to basic SQL injection attacks because they fail to follow some basic development principles.
For anyone wanting to read the basics, the Security Development Lifecycle team blog has posted an introduction to software architecture that reduces your attack surface area. Highly recommended for anyone new to web programming who uses a database to serve their website, and a good refresher for old hands as well.
In addition, Microsoft has posted a source code analyzer for anyone wanting to run their web application through the wringer. Incredibly useful and highly recommended for anyone needing to learn more about web application security.