Most developers who use Microsoft developer tools and technologies will tell you that if you're looking for developer resources, just go to msdn online. Well not everyone uses Microsoft developer tools and technologies. This is where the Open Web Application Security Project (OWASP) comes in. When folks are looking for application software security guidance, they'll go to an online community such as OWASP. OWASP provides straightforward information so that folks can make informed decisions on the state of their application security whether you're working in .NET, Java, or PHP.
So be sure to check out OWASP, and especially their top 10 list for web application vulnerabilities at http://www.owasp.org/index.php/Top_10_2007 .