I am going to start a new web application (ASP.NET). I was just wondering how many types of attacks are possible on a web application that we need to take care of while building it.

As I am developing this web application from scratch, if I can get this kind of list and identify what I need to take care of while building the application, it will be a great help.

+2  A: 

XSS attacks

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.

Denial-of-service attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

SQL injection

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

Also read

Five common Web application vulnerabilities

and a similar SO question

Common Website Attack Methods, Detection, and Recovery

rahul
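
The two injection classes defined in the answer above (SQL injection and XSS), as an added example that is not part of the original answer: each unsafe string-building form sits next to its hardened form. The `Users` table, its columns and the sample inputs are constructed for illustration, and `System.Data.SqlClient` is assumed to be available (built into .NET Framework, a NuGet package on newer .NET).

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;

static class InjectionDemo
{
    // UNSAFE: input is concatenated into the SQL text, so it can change the query's structure.
    static string UnsafeQuery(string name) =>
        "SELECT Id FROM Users WHERE Name = '" + name + "'";

    // SAFE: the SQL text is constant; the input travels separately as a typed parameter.
    static SqlCommand SafeQuery(string name)
    {
        var cmd = new SqlCommand("SELECT Id FROM Users WHERE Name = @name");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
        return cmd;
    }

    // UNSAFE: input is written into the page as markup.
    static string UnsafeHtml(string comment) => "<p>" + comment + "</p>";

    // SAFE: input is HTML-encoded, so the browser renders it as text instead of executing it.
    static string SafeHtml(string comment) =>
        "<p>" + WebUtility.HtmlEncode(comment) + "</p>";

    static void Main()
    {
        // Constructed sample inputs (hypothetical form field values).
        string name = "x' OR '1'='1";
        string comment = "<script>alert(1)</script>";

        // The quote in the input closes the string literal and adds a condition.
        Console.WriteLine(UnsafeQuery(name));

        // The command text is unchanged by the input; the value is carried as data.
        SqlCommand cmd = SafeQuery(name);
        Console.WriteLine(cmd.CommandText + "   [@name = " + cmd.Parameters["@name"].Value + "]");

        // The raw form emits a live script element; the encoded form emits inert text.
        Console.WriteLine(UnsafeHtml(comment));
        Console.WriteLine(SafeHtml(comment));
    }
}
```

No database connection is opened; the program only prints the query text and markup each form would produce, so the difference is visible offline.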
+1  A: 

There are numerous possible attacks; in fact, the more you learn about it, the sooner you realise that it's pretty much an endless list.

However, it's unlikely you are going to be targeted by military-grade hackers, and at a minimum you should be aware of and protect against the most common attacks, according to OWASP.

Not forgetting that while you may only be interested in web application threats, a field in itself, you cannot be ignorant of the other threats to you. The top other two fields I can think of are infrastructure (e.g. denial of service) and social engineering (e.g. using weak passwords or leaving them in unsecured locations). As always it's best to defend in depth and treat anything that is not yours as suspicious. The Microsoft SDL is one good place to start if you're interested in a more holistic approach and to have a more solid understanding.

That said, you know your situation. Assess the potential threats and associated risks. Calculate the costs in implementing them. This is your threat model. Then you'll be in a place where you can decide on how secure you can be. You'll never be 100%, but as you keep getting closer the cost gets exponentially more expensive.

dove
A: 

Craploads, but here is a top 10. You may also like to check out The OWASP Guide.

Noon Silk