Great link from Andy’s blog.
Threats and Countermeasures: Improve Your Web Application Security
This guide gives you a solid foundation for designing, building, and configuring secure ASP.NET Web applications. Whether you have existing applications or are building new ones, this guide is for you.
There’s some good stuff there, covering application design, infrastructure and a whole bunch of stuff anyone involved in building Web Applications should know. Check it out