Preventing cross-site scripting (XSS) attacks
Partitioning sites into public and restricted areas
Preventing session hijacking and cookie replay attacks
Developing secure Forms authentication
Preventing rich exception details from reaching the client
Validating input in Web pages and controls