As I stated earlier, I am in the process of writing a course and book about the above topic. The rough outline will be:
- Threats & Mitigation Techniques & Guidelines
- IIS6 & ASP.NET Architecture
- Input Validation
- Storing Secrets
- Authentication & Authorization
- ASP.NET 2.0 Security Provider
- Instrumentation
- Partial Trust
- Deployment & Hardening
- Tools & Resources for Pen-Testing
Would you like anything special covered? What have you been struggling with? Write me an email or leave a comment, thanks!