I would like to secure an ASP.NET web application against hacking. Is there a list of ASP.NET-specific tasks, specifically coding-wise, to make an ASP.NET application more secure, beyond what is mentioned on MSDN? I am interested in specific steps with code examples on ways to avoid cross-site request forgeries and cross-site scripting.

I know about using SQL parameters for SQL injection, Windows authentication when connecting to SQL Server, and validating form input on the server.

+3  A: 

From Microsoft-

A more detailed checklist-

apocalypse9 is another good resource for XSS protection. The library provides a higher level of protection than the default encoder functionality.

The OWASP (Open Web Application Security Project) have a convenient list of the top 10 Web Application vulnerabilities:

Here is a Microsoft Anti-Cross Site Scripting Library 1.5 tutorial:

Here's a very informative, although not very well-known security resource, the ASP.NET 2.0 Internet Secure Reference Implementation - basically Patterns & Practices:

Last but not least, here's a video on the Architecture Behind CAT.NET:

Download the latest build of the CAT.NET tool here (32 and 64 bit):