Dino posted a great little article about common web attacks and methods of preventing them with the help of ASP.NET. I specifically like the Session Hijacking section cause that's a topic that sometimes is overlooked by many developers.