Web applications have a class of security vulnerabilities, at times much more widespread and trivial than the infamous buffer overflow.
Here are some interesting security resources on .NET web applications:
- .NET Security at MSDN - I especially like the Improving Web Application Security white paper.
- AntiXSS Library - Microsoft Anti-Cross Site Scripting library to protect web apps from XSS.
- FxCop - A tool which analyses managed code assemblies.
- Guidance Explorer - Developer guidance (a 15000 foot view though)
- .NET Security Blogs: Shawnfa, Michael Howard, CLRSecurity
- MSDN Security Developer Center - General guidance on writing secure code. The featured video on exporting and importing certificates would be helpful for doing certificate management as a HealthVault application.
- Update - Threat modeling web applications is a great read. The SDL Threat modeling tool and forum are of great utility as well.
Please leave a comment if you know of any valuable security resources.